Can someone explain WHY SQL injection works?


Post by HyperShadow243 on Sat Jul 24, 2010 1:26 pm

I just finished realistic mission 2 but I don't really understand why these certain strings cause a password bypass. I understand that x==x but why does SQL take that statement as a code or script or whatever it does instead of taking it as literally "x==x". Like in C++ if you have (for a simple example):

int x = 10;
cout << x << endl; // This would print out 10, whereas:

cout << "x" << endl; //Would print out the letter x. Why isn't this the case with this SQL injection?


Thanks.


Re: Can someone explain WHY SQL injection works?

Post by Skiddie Killer on Sat Jul 24, 2010 1:42 pm

First result on Google for "SQL injection":
http://en.wikipedia.org/wiki/SQL_injection


Re: Can someone explain WHY SQL injection works?

Post by msbachman on Sat Jul 24, 2010 4:56 pm

SQL injection works because quotes are used to block off strings. People can then add a quote or two to couple the standard input with something that always evaluates to be true via an 'OR'.

If that's not the sort of answer you're looking for then clarify what you mean by "why SQL injection works."


Re: Can someone explain WHY SQL injection works?

Post by Vulpine on Sat Jul 24, 2010 5:23 pm

SQL injections have electrolytes.


Re: Can someone explain WHY SQL injection works?

Post by HyperShadow243 on Sun Jul 25, 2010 11:07 pm

msbachman wrote: SQL injection works because quotes are used to block off strings. People can then add a quote or two to couple the standard input with something that always evaluates to be true via an 'OR'.

If that's not the sort of answer you're looking for then clarify what you mean by "why SQL injection works."


Thank you. Exactly the answer I was looking for.


Re: Can someone explain WHY SQL injection works?

Post by ProdiGenius on Mon Jul 26, 2010 8:14 am

Having just beaten realistic 2 yesterday, I was wondering the same thing - but the wiki post answers any questions I did have.


Re: Can someone explain WHY SQL injection works?

Post by tremor77 on Mon Jul 26, 2010 11:06 am

Now to add an additional learning experience to this topic... post a method in which you as a website designer can help to prevent an SQL injection on your scripts. Don't repeat any of the previous methods posted.

I will start: This one is simple and not very effective, but it's a good practice - don't connect your database using root or a user with privileges any greater than needed.


Re: Can someone explain WHY SQL injection works?

Post by HyperShadow243 on Mon Jul 26, 2010 12:02 pm

I don't know what the syntax would be for SQL but thinking in C++ one way would be to only allow alphanumerical symbols. So if a quotation mark or exclamation point or -- was submitted, it would complain and not allow the user entry. At least that's what I thought of. I'm sure there are way better ways of stopping SQL injections than this though :/

On a side note though, why wouldn't the method you stated be effective?


Re: Can someone explain WHY SQL injection works?

Post by tremor77 on Mon Jul 26, 2010 12:11 pm

HyperShadow243 wrote: I don't know what the syntax would be for SQL but thinking in C++ one way would be to only allow alphanumerical symbols. So if a quotation mark or exclamation point or -- was submitted, it would complain and not allow the user entry. At least that's what I thought of. I'm sure there are way better ways of stopping SQL injections than this though :/


Absolutely, in PHP this may refer to htmlspecialchars, which can strip out special characters.. some people may opt to use a preg_match/replace routine as well.. this works well, unless your input requires usage of any special characters. The same can be done in ASP as well with similar functions.

HyperShadow243 wrote: On a side note though, why wouldn't the method you stated be effective?


The method I stated doesn't necessarily solve the problem of creating the injection, by escaping the SQL statement with a ' or ", it only mitigates the possible damage that the injection can do by limiting the range of queries that can be passed. Stopping the injection attempt would be the ultimate goal of the web designer.
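
Added example (not part of any post in this thread): a Python/sqlite3 sketch of why the quote trick discussed above works when input is concatenated into the query text, next to a parameterized query and the alphanumeric-only filter suggested in the thread. The table, accounts and function names are constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data: an in-memory table with two accounts.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "s3cret"), ("O'Brien", "hunter2")])
    return db

def build_query(name, password):
    # Vulnerable: input is pasted into the SQL text, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    return ("SELECT name FROM users WHERE name = '" + name +
            "' AND password = '" + password + "'")

def login_concat(db, name, password):
    return db.execute(build_query(name, password)).fetchone() is not None

def login_param(db, name, password):
    # Hardened: the SQL text is fixed; values travel separately as data
    # and are never parsed as SQL, whatever characters they contain.
    row = db.execute("SELECT name FROM users WHERE name = ? AND password = ?",
                     (name, password)).fetchone()
    return row is not None

def allowlisted(value):
    # The alphanumeric-only filter suggested in the thread.
    return re.fullmatch(r"[A-Za-z0-9]+", value) is not None

if __name__ == "__main__":
    db = make_db()
    tautology = "' OR 'x'='x"
    # The quote closes the password literal; OR 'x'='x' is then SQL.
    print(build_query("admin", tautology))
    print("concat, wrong password:", login_concat(db, "admin", "nope"))
    print("concat, tautology:", login_concat(db, "admin", tautology))
    print("param, tautology:", login_param(db, "admin", tautology))
    print("param, O'Brien:", login_param(db, "O'Brien", "hunter2"))
    # The filter blocks the quote, but also this legitimate name.
    print("allowlist accepts O'Brien:", allowlisted("O'Brien"))
```

With the concatenated query, logging in as the legitimate user O'Brien raises a SQL syntax error, which is the same parsing problem seen from the other side.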


Re: Can someone explain WHY SQL injection works?

Post by HyperShadow243 on Mon Jul 26, 2010 2:10 pm

Oh. Wow. Thank you very much for explaining tremor. All this information that I've learned from this website has got me kinda worried about just how safe everything is. I made a quick little console app with a password that would display two outcomes: Welcome or Get out. After completing application mission 3, I tried to bypass the password in my console app and well...it was as easy as looking through the hex...Hopefully I'll learn some ways on how to make code more secure

Thanks for taking the time to explain this to me tremor. :)


EDIT: Just got up to app 5 so guess I'll be learning the answer to my last question soon enough haha

