SQL Injection Isn’t Hard.


If you’re doing any penetration testing, you know that SQL Injection is important. Sooner or later you will face an input field while testing a website for vulnerabilities.

Here is a quick SQL Injection guide.

If you don’t know, SQL Injection is when you enter malicious input into an input field. The purpose of that input is to break out of the application’s SQL statement and get access to somebody’s database.

Let’s do it.

I have this vulnerable input form that gives me the first name and last name for each user as long as I know the user’s ID.

But I don’t know the ID for any users… So, let’s try to break it to get them.

In a real situation, I wouldn’t be able to see the PHP source code. But for this example, I can.

So, let’s take a look at the source code.

Below is the code we are mainly focused on.

$query  = "SELECT first_name, last_name FROM users WHERE user_id = '$id';";

To break it down even more, here is the SQL Code.

SELECT first_name, last_name FROM users WHERE user_id = 'Some_ID_here';

Here is what the query looks like once our input is injected into it.

SELECT first_name, last_name FROM users WHERE user_id = '100' OR '1'='1';

The above code will return all users in the table.

Here is a SQL to English translation of the syntax:

SELECT first_name and last_name FROM the users table WHERE user_id = '100', OR where '1'='1' - since '1'='1' is always true, every row matches and everything is shown

So, let’s try this in the input field.

Sure enough, it works! Here’s what the code would have looked like when we entered the SQL injection.

SELECT first_name, last_name FROM users WHERE user_id = '100' OR '1'='1';
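To show the two sides of this at once, here is an added example (my own, not code from the original post) that reproduces the page’s query in Python against an in-memory SQLite database instead of the post’s PHP/MySQL setup. The users table and its three rows are constructed for the example. The first lookup builds the query by string formatting, exactly like the PHP line above, and the page’s input 100' OR '1'='1 returns every row; the second lookup passes the ID as a bound parameter, so the same input is treated as a literal value and matches nothing.

```python
import sqlite3

# Constructed sample data; column names match the query on the page.
SAMPLE_USERS = [
    (1, "Alice", "Anderson"),
    (2, "Bob", "Brown"),
    (3, "Carol", "Clark"),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, user_id):
    """Mirrors the page's PHP: the ID is pasted straight into the SQL text.

    Whatever the user types becomes part of the statement, so a quote in
    the input ends the string literal and the rest is parsed as SQL.
    """
    query = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}';"
    return conn.execute(query).fetchall()


def lookup_safe(conn, user_id):
    """Hardened form: the ID is bound as a parameter, never spliced into SQL.

    The database receives the statement and the value separately, so the
    input is compared as one literal string and cannot change the query.
    """
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?;"
    return conn.execute(query, (user_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "100' OR '1'='1"  # the input used on the page
    print("normal lookup:      ", lookup_vulnerable(db, "2"))
    print("vulnerable + payload:", lookup_vulnerable(db, payload))
    print("safe + payload:     ", lookup_safe(db, payload))
```

Running it prints one row for a normal ID, all three rows when the payload hits the string-built query, and an empty result when the same payload goes through the parameterised query. The fix in the page’s PHP is the same idea: use prepared statements (mysqli or PDO) so the ID is bound rather than concatenated into the query text.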

This is a really simple explanation of SQL Injection. If you want to expand your SQL Injection knowledge, I recommend visiting W3Schools’ SQL Injection Tutorial for some more examples you might like.
