Monday, November 10, 2008

SQL Injection: Crazy Way to Bypass Login

SQL injection is a quite simple method of attacking a website login. You do not need much knowledge and it is not a secret any more. Even small kids can try it. You can find thousands of good articles, e-books and tutorials about SQL injection on the net. Because of this, many websites and blogs have been attacked using SQL injection.

A couple of interesting news items you can find on Google News for SQL injection:

Business Bloggers Leave Blogs Open To Hackers
ZDNet UK, UK - 18 hours ago
The two main threats bloggers face are comment spam and SQL injection attacks. Both Blogger and Wordpress have been vulnerable to SQL injection attacks, ...

Massive SQL Injection Attacks: The Chinese Way
CircleID, Canada - 22 Oct 2008
... with tools and setting new benchmarks for massive SQL injection attacks, like the case with this one: "A professional web site vulnerability scanning, ...

Adobe website suffers SQL injection attack
IT PRO, UK - 20 Oct 2008
Sophos said that Mac/Badsrc-C was a dangerous piece of malware which spread by infecting PCs with SQL injection. This downloaded malicious scripts from the ...

If you are interested in reading more news related to SQL injection, go to Google News.

Yes, it is pretty scary if you manage a website or a blog. It would be quite fun to try SQL injection on websites and see if they haven't handled it well.

If you missed a simple validation at some point, your database might be open to SQL injection, and the results could be:
unauthorised login to your members area
the attacker getting hold of all your data and your SQL table structure
changes to your valuable data
deletion of a database table or tables, or
if the attacker gets lucky, the whole database being deleted.

How does SQL injection work?

It is pretty simple. I will start with the simplest example. Imagine the website database has a table called 'USER_LOGIN' with two columns, 'USERNAME' and 'PASSWORD'. In your web page login.aspx or login.php you will have TXTUSERNAME.TEXT and TXTPASSWORD.TEXT: two text boxes with simple server-side validation, or no server-side validation at all. So in your login page you will have a simple SQL query, built by concatenating the text box values into the query string, something similar to

"SELECT * FROM USER_LOGIN WHERE USERNAME = '" + TXTUSERNAME.TEXT + "' AND PASSWORD = '" + TXTPASSWORD.TEXT + "';"

Then you check whether the query returned one or more rows, and if so you take the user to the next step, i.e. they are logged in. If your website login is doing something similar, it might be open to SQL injection.

Let's see what happens if someone types ' or 1=1 --- in the TXTUSERNAME text box. The above SQL query will be rewritten as follows.

SELECT * FROM USER_LOGIN WHERE USERNAME = '' or 1=1 --- ' AND PASSWORD = 'anything';

In English, the above SQL query means: select every record which satisfies the condition that USERNAME is equal to '' or 1=1. The --- comments out the rest of the query, so it really does not matter what you type in the password box. The query returns every record, because 1=1 is always true and it is combined with OR, so the row count is at least one and the login check passes. The logic is so simple, and it is crazy.
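As an added example (not code from the original post), here is the login check from above run both ways against a small SQLite table: the concatenated query the post describes, and the same check with bound parameters, which is the standard fix. The table and column names follow the post; the two sample users and the in-memory database are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data mirroring the post's USER_LOGIN table (not a real site).
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Create an in-memory database with the post's USER_LOGIN table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE USER_LOGIN (USERNAME TEXT, PASSWORD TEXT)")
    conn.executemany("INSERT INTO USER_LOGIN VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def build_vulnerable_query(username, password):
    """The login query built by string concatenation, exactly as the post describes."""
    return ("SELECT * FROM USER_LOGIN WHERE USERNAME = '" + username
            + "' AND PASSWORD = '" + password + "'")


def login_vulnerable(conn, username, password):
    """Row count of the concatenated query; the post's login treats >= 1 as success."""
    rows = conn.execute(build_vulnerable_query(username, password)).fetchall()
    return len(rows)


def login_safe(conn, username, password):
    """Same check with a parameterised query: the input is bound as data and never
    parsed as SQL, so quotes and comment markers inside it have no effect."""
    rows = conn.execute(
        "SELECT * FROM USER_LOGIN WHERE USERNAME = ? AND PASSWORD = ?",
        (username, password),
    ).fetchall()
    return len(rows)


def demo():
    """Run a normal login and the post's injected input through both versions."""
    conn = make_db()
    payload = "' or 1=1 ---"  # the input from the post, typed into TXTUSERNAME
    results = {
        "vulnerable_normal": login_vulnerable(conn, "alice", "s3cret"),
        "vulnerable_injected": login_vulnerable(conn, payload, "anything"),
        "safe_normal": login_safe(conn, "alice", "s3cret"),
        "safe_injected": login_safe(conn, payload, "anything"),
    }
    conn.close()
    return results


if __name__ == "__main__":
    print(build_vulnerable_query("' or 1=1 ---", "anything"))
    for name, count in demo().items():
        print(f"{name}: {count} row(s) matched")
```

With the concatenated query, the injected username matches both sample rows, so a "row count >= 1" check lets the attacker in; with the parameterised query the same input is looked up as a literal username and matches nothing, while the genuine login still returns exactly one row. Note that the post's --- comment marker depends on the database: it works in SQLite, SQL Server, Oracle and PostgreSQL, but MySQL requires whitespace after -- for a line comment.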

I will post more about SQL injection and would like to know what you would like to know. I can share some e-books related to SQL injection and how to protect your website from it.

Further Reading

SQL Injection Attacks By Example

Please do not misuse this.