Transcript

NARRATOR:
SQL injection is one of the top three most common web app risks. And it’s probably in part because of how simple it is to perform. So who’s most vulnerable? Any website that’s SQL database driven with poor code.
So how does it work? Well, this attack is very commonly done on login screens. So let’s first see what’s happening to your username and password after they’re submitted.
In a poorly designed site, the name and password strings are directly inserted into a SQL statement, which probably looks like this. With this statement, the application is asking the server, do we have a user with the name chris and the password mypass1. And if so, it grants the user access to his or her account.
So the first thing an attacker will do is find out if the site is using a SQL database by entering a single quote into the username field and submitting it. Single quotes are special characters in the SQL language, and using them as part of a username will cause an error if the website doesn’t check for them. Once the error message is displayed, the attacker can confirm that the website’s using SQL, as well as other useful information.
And now the real injection begins. The attacker can enter the following command logic, which will render the following command. The command will force the selection of a valid username because the evaluation of one equals one is always true.
Now most of the time, the server will log in the attacker with the credentials of the first user in the table. The range of command manipulations is vast, from record retrieval to complete table deletion, so you can imagine how damaging this exploit can be to a website.
So how can we prevent this form of attack? Well, make sure that you do the necessary string checking for special SQL characters. It’s really not that many more lines of code, and it’s most definitely worth the time.
There’s also automated software available that can check your entire web application for injection, as well as other vulnerabilities, so you should check it out. It’s called Rational AppScan, and it’s really awesome software. That’s it for now. I hope you learned something.

[MUSIC PLAYING]
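The login flow from the narration, as an added example that is not part of the video: a concatenated statement (the poorly designed site) beside a parameterized one, plus the special-character check the narrator recommends. The in-memory table, the user row and the probe strings are constructed for the demonstration.

```python
import sqlite3

SPECIAL_TOKENS = ("'", '"', ";", "--")  # characters/sequences with meaning to SQL


def make_db():
    """Constructed sample database: one user, matching the names used in the narration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('chris', 'mypass1')")
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """Inserts the submitted strings directly into the statement, as the poorly designed site does.

    Returns the matched user name, None for no match, or 'error' when the
    input breaks the SQL syntax (the error a lone single quote provokes).
    """
    sql = ("SELECT name FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error:
        return "error"
    return row[0] if row else None


def login_safe(conn, name, password):
    """Binds the submitted strings as parameters; the database never parses them as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    row = conn.execute(sql, (name, password)).fetchone()
    return row[0] if row else None


def contains_sql_special_chars(value):
    """The input check the narrator describes: reject input before it reaches the statement."""
    return any(token in value for token in SPECIAL_TOKENS)


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "'", "x"))            # error: the probe the narration describes
    print(login_vulnerable(db, "' OR 1=1 --", "x"))  # first user in the table
    print(login_safe(db, "' OR 1=1 --", "x"))        # None: the string is just a string
```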