– Malicious SQL commands are sent to a database
– Can impact both confidentiality (extraction of data) and integrity (corruption of data)
– In a web application environment, typically a script takes user input and builds an SQL query from it
– Web application vulnerability can be used to craft an SQL injection
Return information about items shipped to a city specified by the user, in a web application that uses forms (deliberately vulnerable example):
var Shipcity;
Shipcity = Request.form("Shipcity");
var sql = "select * from OrdersTable where Shipcity = '" + Shipcity + "'";
SQL Injection Example
– User enters Redmond
– Script generates SELECT * FROM OrdersTable WHERE Shipcity = 'Redmond'
– What if the user enters Redmond' ;DROP table OrdersTable; ?
– In this case SELECT * FROM OrdersTable WHERE Shipcity = 'Redmond';DROP table OrdersTable; is generated
The malicious user has injected a second SQL command that deletes the table
– Many other code injection examples exist
Input checking
(golden rule – all input is evil)
see the OWASP Top 10 Proactive Controls:
https://www.owasp.org/index.php/OWASP_Proactive_Controls
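The Shipcity example above, redone as an added illustration (not code from the slides): the concatenation pattern is kept only to show how the input becomes a second statement, and it is placed beside the two controls the slides point to, an allow-list input check and a parameterized query. SQLite, the OrdersTable columns and the sample rows are assumptions for the sake of a runnable example.

```python
import re
import sqlite3

# Constructed sample rows standing in for the slide's OrdersTable (not real data).
ROWS = [(1, "Redmond", "widgets"), (2, "Seattle", "gears"), (3, "Redmond", "bolts")]

def make_db():
    """In-memory SQLite database holding an OrdersTable like the one on the slide."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE OrdersTable (OrderId INTEGER, Shipcity TEXT, Item TEXT)")
    conn.executemany("INSERT INTO OrdersTable VALUES (?, ?, ?)", ROWS)
    conn.commit()
    return conn

def build_query_unsafe(shipcity):
    """The slide's pattern: user input is pasted into the SQL text, so it becomes SQL syntax.
    Only the resulting string is shown; it is never executed here."""
    return "SELECT * FROM OrdersTable WHERE Shipcity = '" + shipcity + "'"

def looks_like_city(value):
    """Allow-list input check ("all input is evil"). Apostrophes are legitimate in
    some city names, so validation alone cannot be the whole defence."""
    return re.fullmatch(r"[A-Za-z][A-Za-z .'-]{0,63}", value) is not None

def query_orders_safe(conn, shipcity):
    """Parameterized query: the value travels separately from the SQL text and is
    always treated as data, whatever characters it contains."""
    cur = conn.execute(
        "SELECT OrderId, Shipcity, Item FROM OrdersTable WHERE Shipcity = ?", (shipcity,)
    )
    return cur.fetchall()

def table_exists(conn, name):
    """True if a table with this name is still present (used to confirm no DROP ran)."""
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None

if __name__ == "__main__":
    conn = make_db()
    hostile = "Redmond' ;DROP table OrdersTable;"
    print(build_query_unsafe(hostile))        # concatenation yields a second statement
    print(looks_like_city(hostile))           # False: ';' is outside the allow-list
    print(query_orders_safe(conn, hostile))   # []: treated as a literal city name
    print(table_exists(conn, "OrdersTable"))  # True: the table is untouched
```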