A “SQL injection” (SQLI) attack is an exploit that takes advantage of poor web development techniques and, typically combined with, faulty database security. The result of a successful attack can range from impersonating a user account to a complete compromise of the respective database or server. Unlike a DDoS attack, an SQLI attack is completely and easily preventable if a web application is appropriately programmed.
Executing the attack
Whenever you login to a web site and enter your user name and password, in order to test your credentials the web application may run a query like the following:
Note: string values in a SQL query must be enclosed in single quotes which is why they appear around the user entered values.
So the combination of the entered user name (myuser) and password (mypass) must match an entry in the Users table in order for a UserID to be returned. If there is no match, no UserID is returned so the login credentials are invalid. While a particular implementation may differ, the mechanics are pretty standard.
So now let’s look at a template authentication query which we can substitute the values the user enters on the web form:
