Module Overview

• Objective: Gain a deep understanding of SQL Injection as a critical vulnerability in web applications, including types, techniques, tools, and countermeasures. This knowledge is essential for the Certified Ethical Hacker Exam 312-50.
• Structure: The module covers:
  • SQL Injection Concepts
  • Types of SQL Injection
  • SQL Injection Methodology
  • SQL Injection Tools
  • Evasion Techniques
  • Countermeasures

1. SQL Injection Concepts

• Definition: SQL Injection is a technique that exploits vulnerabilities in a web application’s input validation. This allows attackers to inject SQL commands into queries executed by a database, manipulating the database to perform unauthorized actions.
• Purpose: Attackers use SQL Injection to gain unauthorized access, retrieve sensitive information, modify or delete data, or even take control of the underlying server.

Why SQL Injection is Dangerous:

• Vulnerable web applications can be manipulated to:
  • Bypass Authentication and Authorization: Gain access to restricted areas without valid credentials.
  • Compromise Data Integrity: Modify or delete data, potentially defacing websites or corrupting databases.
  • Compromise Data Availability: Delete critical information or logs.
  • Remote Code Execution: Some SQL injections can escalate into executing commands on the server.
• Underlying Technology:
  • SQL (Structured Query Language) is a language used for data manipulation in relational databases.
  • Common SQL commands include:
    • SELECT: Retrieve data from databases.
    • INSERT: Add data to tables.
    • UPDATE: Modify existing data.
    • DELETE: Remove data from tables.

2. Server-Side Technologies and SQL Injection

• Overview of Server-Side Technology Vulnerability:
  • Technologies like ASP.NET, PHP, JSP, and ColdFusion allow dynamic, data-driven applications but are prone to SQL Injection when they don't sanitize inputs properly.
  • Relational Databases Affected: SQL Server, Oracle, IBM DB2, MySQL.
• Main Issue: SQL Injection targets insecure code rather than specific software vulnerabilities in databases, which means the problem often lies in how developers handle user inputs rather than in the database systems themselves.

3. Understanding HTTP POST Requests

• HTTP POST Request Mechanism:

  • POST requests allow users to send data within the request body (unlike GET requests, which append data to the URL).
  • POST is used to submit form data and authenticate users, making it an ideal target for SQL Injection if inputs aren’t sanitized.

• Example:

  select * from Users where (username = 'smith' and password = 'simpson')
  

  • If user input isn’t validated, malicious SQL code can be injected into the form fields to manipulate the database.

4. Normal vs. SQL Injection Queries