SQL injection


• A SQL injection attack exploits vulnerabilities in a web server
database that allow the attacker to gain access to the database
and read, modify, or delete information.
• An example of a SQL injection attack is making the condition
true by giving the identical value to a web page.
These values can be inserted into a login as follows:
• Login: 1' or '1'='1 and Password= 1' or '1'='1
• Login: 1' or '1'='1';--
• When the Username argument is evaluated, ‘1’=’1’ will assess to
TRUE, and an authentic username will be returned.
Picture

Input Validation on the SQL injection

Picture

• There are measures that can be applied to mitigate SQL
injection attacks.
• Web developer can check whether some suspicious characters
are sent from the Login Page like ‘, “, ;, -- , etc
• Always store the Passwords in the Database server in the
Encrypted Form.
• Use of these practices does not guarantee that SQL injection can
be completely eliminated, but they will make it more difficult for
Hackers to conduct these attacks.