SQL allows us to access the database. SQL can: execute queries against the database; retrieve data from the database; insert new records into the database; delete records from the database.
SQL injection is a common website vulnerability today. It is a flaw in web application development, not a database or web server problem. In our pen tests, over 60% of our clients turn out to be vulnerable to SQL injection.
SELECT * FROM users WHERE login = 'victor' AND password = '123' (if the query returns something, then log the user in). ASP/MS SQL Server login syntax:
var sql = "SELECT * FROM users WHERE login = '" + formusr + "' AND password = '" + formpwd + "'";
Everything after the closing quote is considered part of the SQL command. Misleading Internet suggestions include "Escape it!": replace ' with ''. String fields are very common, but there are other types of fields, such as numeric fields and dates, where there are no quotes to escape.
You can insert data into the website's database. Syntax: B'; insert into <tablename> values (<col1, col2, ...>); -- Example: B'; insert into signup values(55,'Abc','xxx','yyy'); --
You can update the passwords of all the users. Syntax: X'; update <tablename> set pass='<yourvalues>'; -- Example: X'; update signup set pass='nnn'; --
Use variable placeholders (parameterized queries), so that user input is sent as a value and never as part of the SQL text:
string sql = "select * from Users where user = @user and pwd = @pwd";
SqlCommand cmd = new SqlCommand(sql, con);
cmd.Parameters.Add("@user", User.Text);
cmd.Parameters.Add("@pwd", Password.Text);
Use stored procedures.
Dangerous effects: access to critical information; updating data not meant to be updated; exploiting the DBMS to directly affect the server and its resources. Prevention of SQL injection: input validation and careful query building; permissions and access rights; variable placeholders (prepared statements) and stored procedures.
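As an added example (not from the slides), the login query built by string concatenation beside the placeholder version, plus a numeric field showing why type validation and a placeholder are the fix rather than quote escaping. SQLite stands in for MS SQL Server, and the users table and its rows are constructed for the demonstration.

```python
import sqlite3

# Constructed stand-in for the slides' users table. SQLite replaces MS SQL
# Server so this runs offline; the two ways of building the query are the same.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER, login TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)",
                    [(1, "victor", "123"), (2, "alice", "s3cret")])
    return con

def login_concat(con, formusr, formpwd):
    """Vulnerable: the slides' string-built query. Whatever the user types
    becomes SQL text, so a quote and a comment marker rewrite the WHERE."""
    sql = ("SELECT * FROM users WHERE login = '" + formusr
           + "' AND password = '" + formpwd + "'")
    return con.execute(sql).fetchone() is not None

def login_param(con, formusr, formpwd):
    """Fixed: one placeholder per value (the @user/@pwd pattern). The values
    travel separately from the query text and can never change its shape."""
    sql = "SELECT * FROM users WHERE login = ? AND password = ?"
    return con.execute(sql, (formusr, formpwd)).fetchone() is not None

def user_by_id_concat(con, formid):
    """Vulnerable numeric field: there are no quotes to escape, so the
    'replace ' with ''' advice gives no protection at all here."""
    return con.execute("SELECT login FROM users WHERE id = " + formid).fetchall()

def user_by_id_param(con, formid):
    """Fixed: validate the expected type, then bind it as a parameter."""
    if not formid.isdigit():
        raise ValueError("id must be a positive integer")
    sql = "SELECT login FROM users WHERE id = ?"
    return con.execute(sql, (int(formid),)).fetchall()

if __name__ == "__main__":
    con = make_db()
    print(login_concat(con, "victor", "123"), login_param(con, "victor", "123"))
    # Same malformed login under both builders: truncated query vs. plain mismatch.
    print(login_concat(con, "victor' --", "x"), login_param(con, "victor' --", "x"))
```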