write a program to create sql injection
Answers
Short note on SQL Injection :
⇒ It is the most common technique that uses malicious SQL code to bypass login algorithms, retrieve and update data that was not intended to be displayed.
⇒ Insufficient input validation of SQL statements can expose them to SQL injection attacks.
⇒ SQL Injection tools - SQLMap etc, JSQL Injection, No SQL Map, White Widow...
⇒ With SQL injection, we can perform the following types of attacks:
(a) Bypass Authentication
(b) Remote Command execution
(c) Information disclosure.
⇒ Here is the list of types of SQL Injection:
(a) Error-based
(b) Boolean-based
(c) Time-based
⇒ The best ways to use to prevent SQL injection attack :
(a) Use Parameterized Queries
(b) Regular Expressions (or) Stored Procedures.
⇒ In order to learn SQL Injection, you should have adequate knowledge on SQL.
Small Program of SQL Injection using HTML form:
Here, we are entering right credentials.
Assume that there is some content - Brainly is the best educational site. It is helping a lot of students to gain more knowledge.
<form>
Username : <br>
<input type = "text" name = "name1">
</br>
Password : <br>
<input type = "password" name="name2">
</br></br>
<input type = "submit" >
</form>
Output:
Username :
Brainly
Password:
****
Login - After i click on login button, it will display the following output.
Output:
Brainly is a best educational site.It is helping a lot of students to gain more knowledge.
Now, We use SQL Injection to bypass login validation:
Username : 'or '1' = '1 (or) ' or 1 = 1 -- (or) 1' or '1' = '1
Password : **********
Login - After i click on login button, it will display the following output.
Output:
Brainly is a best educational site.It is helping a lot of students to gain more knowledge.
Here, 1 = 1 is true, hence it will return all the details required in the statement.
Note: Using SQL Injection on particular website is illegal. Use SQL Injection only for formal security audit.
Hope it helps!