SQL Injection

Question 1

What’s SQL injection?

Answer 1

type of injection attack that targets web applications that use SQL (Structured Query Language) to interact with databases

Question 2

When does SQL injection occur?

Answer 2

occurs when an attacker is able to manipulate or inject malicious SQL code into a web application’s database query, which is then executed by the database server

Question 3

What’s the attack scenario of SQL injection?

Answer 3

1. attacker identifies a vulnerable web application that does not properly validate or sanitize user-supplied input before incorporating it into SQL queries
2. attacker exploits this vulnerability by injecting specially crafted input to manipulate the intended SQL query

Question 4

What are the common targets of SQL injection?

Answer 4

various parts of a web application, such as user input fields (e.g., login forms, search boxes, registration forms), URL parameters, or cookies

Question 5

What are the different SQL injection attack techniques?

Answer 5

• Union-Based SQL Injection
  
  • attacker leverages the UNION operator to combine the results of a maliciously crafted query with the original query, allowing unauthorized access to data
• Boolean-Based SQL Injection
  
  • attacker uses conditional statements to infer information by manipulating the logic of the SQL query
• Error-Based SQL Injection
  
  • attacker exploits error messages or error handling mechanisms to extract information about the database structure or contents
• Time-Based SQL Injection
  
  • attacker introduces time delays in SQL queries to infer information based on the response times

Question 6

What are the potential consequences of SQL injection?

Answer 6

• unauthorized data disclosure, modification, or deletion
• attackers can bypass authentication mechanisms, retrieve sensitive data, or execute arbitrary SQL commands on the database server
• in some cases, an attacker can escalate privileges, gain administrative access, or execute operating system commands through the database

Question 7

What is a telltale sign that attacks is a SQL injection attack and why?

Answer 7

• single quotation mark in the input field
• quotation mark is used to escape outside the SQL code’s input field

Question 8

What mitigation techniques are used to prevent SQL injection attacks. Name 4

Answer 8

1. stored procedures
2. escaping user input
3. parameterized queries
4. input validation

Question 9

Describe stored procedures

Answer 9

limit what can be done via the database server

Question 10

Describe escaping user input

Answer 10

makes dangerous characters less likely to be a problem

Question 11

Describe parameterized queries

Answer 11

limit what can be sent in a query

Question 12

What is the character most commonly used in SQL injection attacks?

Answer 12

single quote character (‘) is used in SQL queries and must be handled carefully on web forms to protect against SQL injection attacks