Web Security Short Series — SQLi.


Yano.

copyright sec_r0: https://securityzines.com

SQL injection is a server-side vulnerability that can lead to exfiltration of database content due to the absence of proper user input validation.

Essentially, this vulnerability interferes with the SQL queries an application makes to its database.

The attacker can then craft malicious queries and pass them on to the database instead of the queries that the application would typically send to the DB.

This is as bad as it sounds. An attacker can dump an entire database with the correct queries and payloads.

Likewise, an attacker can leverage an SQL injection attack to compromise the underlying server or other back-end infrastructure and obtain a shell; this is often the goal for most attackers.

Consider the simple payload below, which, when injected into a vulnerable field, will drop a PHP webshell in the target server's web root. An attacker can then use the webshell to run other system-level commands.

Consider the illustration below of how an attacker would typically conduct an SQL injection.

copyright:https://portswigger.net/web-security/sql-injection

So, what do security engineers and developers do to mitigate this vulnerability in their applications?

Validate user inputs: User input should never be trusted. Checks should be put in place to ensure that all user input is validated and sanitized before being passed on for processing.

Use prepared statements: These pre-defined SQL statements prevent unexpected code from being injected.

Use whitelists, not blacklists: Blacklists can easily be bypassed in many ways, including encoding the malicious payload. Whenever necessary, verify and filter user input using strict whitelists only.

More reading and Labs:

I hope you enjoy this piece!
