
What is SQL Injection?
SQL Injection (SQLi) is a web security vulnerability in which attacker-supplied input is placed into a SQL query without proper handling, letting the attacker change the query's meaning and manipulate the backend database.
Common target areas:
Why SQL Injection Happens
SQLi occurs when applications:
Risks of SQL Injection
Attackers can:
What does SQLi stand for?
SQL Injection targets backend databases.
Which input field is commonly targeted in SQLi attacks?
What is the main cause of SQL Injection?
Case Study: An attacker bypassed a login page using malicious SQL code. What attack occurred?
SQL Injection can delete database records.
Which database language is targeted in SQLi attacks?
What type of data is commonly stolen using SQLi?
Types of SQL Injection
In-Band SQLi
Query results or error messages are returned to the attacker in the same channel as the request, i.e. the application's own response.
Blind SQLi
No data is returned directly; attackers infer query results from application behavior, such as a changed page (boolean-based) or a response delay (time-based).
Out-of-Band SQLi
Attackers extract data using external channels such as DNS or HTTP requests.
Common SQL Injection Techniques
OR 1=1 Attack
' OR 1=1 --
Purpose: Bypass login authentication by turning the WHERE clause into an always-true condition
Comment Injection
--
/* */
Purpose: Comment out the rest of the original query so only the injected part takes effect
Batch Query Injection
'; DROP TABLE users; --
Purpose: Execute multiple SQL statements in one request (stacked queries)
UNION-Based Injection
UNION SELECT username, password FROM users;
Purpose: Append a second SELECT so sensitive data is returned in the application's result set
Which SQLi type directly returns query results?
Blind SQLi uses application behavior for detection.
Which SQLi technique uses response delays?
What SQL operator is used in UNION attacks?
Case Study: An attacker extracted usernames using UNION SELECT. Which attack was used?
Which symbol comments out remaining SQL code?
Out-of-Band SQLi uses DNS or HTTP channels.
Which attack payload bypasses authentication easily?
Real-World SQL Injection Attacks
| Organization | Year | Impact |
|---|---|---|
| Guess.com | 2002 | Customer data exposed |
| Heartland Payment Systems | 2009 | 130M+ card records stolen |
| Yahoo Voices | 2012 | 450K passwords leaked |
| TalkTalk | 2015 | Customer records compromised |
| Gab | 2021 | 70GB sensitive data leaked |
Impact of SQL Injection
SQL Injection attacks may cause:
Which company lost 130 million credit card records?
Yahoo Voices leaked plain-text passwords.
Which organization suffered a telecom-related SQLi breach?
Case Study: A company exposed customer payment data due to SQLi. What was compromised?
Which platform lost 70GB of sensitive data in 2021?
SQL Injection can cause financial losses.
What type of information was leaked in Yahoo Voices breach?
Which early SQLi attack exposed customer records in 2002?
SQL Injection Prevention
Use Parameterized Queries

```javascript
// Placeholders such as $1 are bound by the database driver (node-postgres here),
// so userId is sent as data and is never spliced into the SQL text.
client.query(
  'SELECT * FROM users WHERE id=$1',
  [userId]
);
```
Validate User Input
Apply Least Privilege Principle
Database accounts should only have necessary permissions.
Use Web Application Firewall (WAF)
A WAF helps detect and block many malicious SQL requests, but it is a secondary layer: parameterized queries remain the primary fix.
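To show why the parameterized form above matters, here is an added example (not from the original page) that uses Python's standard-library sqlite3 module instead of node-postgres; the users table, the account 'alice' and both login functions are constructed for the demo. The login-bypass payload from the Techniques section defeats the concatenated query but is treated as plain data by the parameterized one.

```python
import sqlite3

# Constructed sample database for the demo.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return conn

def build_vulnerable_sql(username, password):
    # String concatenation: the input becomes part of the query structure.
    return (f"SELECT username FROM users "
            f"WHERE username='{username}' AND password='{password}'")

def login_vulnerable(conn, username, password):
    # With username = "' OR 1=1 --" the WHERE clause becomes
    # username='' OR 1=1 and the rest of the line is commented out.
    sql = build_vulnerable_sql(username, password)
    return conn.execute(sql).fetchone() is not None

def login_safe(conn, username, password):
    # ? placeholders are bound by the driver, so the values are only ever data.
    sql = "SELECT username FROM users WHERE username=? AND password=?"
    return conn.execute(sql, (username, password)).fetchone() is not None

# The authentication-bypass payload from the Techniques section.
PAYLOAD = "' OR 1=1 --"

def demo():
    conn = make_db()
    return {
        "vulnerable_bypass": login_vulnerable(conn, PAYLOAD, "anything"),
        "safe_bypass": login_safe(conn, PAYLOAD, "anything"),
        "safe_valid": login_safe(conn, "alice", "correct-horse"),
    }

if __name__ == "__main__":
    print(build_vulnerable_sql(PAYLOAD, "anything"))
    print(demo())
```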
SQL Injection Testing Tools
sqlmap: Automated SQL Injection testing tool
Burp Suite: Web application security testing platform
OWASP ZAP: Open-source vulnerability scanner
Conclusion
SQL Injection is one of the most critical web application vulnerabilities. It allows attackers to manipulate databases and access sensitive information.
Best Security Practices
What is the best defense against SQL Injection?
Input validation helps prevent SQLi.
Which security principle limits database permissions?
What security tool blocks malicious SQL traffic?
Which automated tool is popular for SQLi testing?
Burp Suite is used for web security testing.
Which open-source tool helps detect web vulnerabilities?
What testing method manually checks SQLi payloads?
Case Study: A tester inserted ' OR 1=1 -- into a login form. What was being tested?