{"id":174,"date":"2021-11-14T15:28:48","date_gmt":"2021-11-14T15:28:48","guid":{"rendered":"https:\/\/www.davincivirus.com\/?p=174"},"modified":"2021-11-14T15:50:56","modified_gmt":"2021-11-14T15:50:56","slug":"sql-injection","status":"publish","type":"post","link":"https:\/\/www.davincivirus.com\/?p=174","title":{"rendered":"SQL Injection"},"content":{"rendered":"\n<p>A SQL injection (SQLi) occurs when an unfiltered user parameter is rendered as executable logic by a database management system (DBMS). The impact stemming from this vulnerability can range from disclosure of sensitive data to arbitrary code execution.<\/p>\n\n\n\n<p>As with most vulnerabilities, this deficiency is caused by improper input validation and\/or output encoding. Concatenation of strings to create SQL statements is commonly associated with vulnerable code.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-style-default\"><img loading=\"lazy\" width=\"547\" height=\"76\" src=\"https:\/\/www.davincivirus.com\/wp-content\/uploads\/2021\/11\/StringConcatenation.jpg\" alt=\"\" class=\"wp-image-175\" srcset=\"https:\/\/www.davincivirus.com\/wp-content\/uploads\/2021\/11\/StringConcatenation.jpg 547w, https:\/\/www.davincivirus.com\/wp-content\/uploads\/2021\/11\/StringConcatenation-300x42.jpg 300w, https:\/\/www.davincivirus.com\/wp-content\/uploads\/2021\/11\/StringConcatenation-540x76.jpg 540w\" sizes=\"(max-width: 547px) 100vw, 547px\" \/><\/figure>\n\n\n\n<h2>Exploitation<\/h2>\n\n\n\n<p>An attacker will append a series of special characters to request parameters in search of SQLi. System errors or abnormal responses help diagnose vulnerable segments of the application.
<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" width=\"1024\" height=\"523\" src=\"https:\/\/www.davincivirus.com\/wp-content\/uploads\/2021\/11\/sqli_hunting-1024x523.jpg\" alt=\"\" class=\"wp-image-177\" srcset=\"https:\/\/www.davincivirus.com\/wp-content\/uploads\/2021\/11\/sqli_hunting-1024x523.jpg 1024w, https:\/\/www.davincivirus.com\/wp-content\/uploads\/2021\/11\/sqli_hunting-300x153.jpg 300w, https:\/\/www.davincivirus.com\/wp-content\/uploads\/2021\/11\/sqli_hunting-768x392.jpg 768w, https:\/\/www.davincivirus.com\/wp-content\/uploads\/2021\/11\/sqli_hunting.jpg 1030w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>A methodical process of tweaking the request parameter will then ensue to perfect the payload. This process often necessitates setting up a test instance of the target DBMS. By contrast, a more haphazard approach employs automated exploitation frameworks, most notably SQLMap.<\/p>\n\n\n\n<p>Technical hurdles will often accompany exploitation of a SQLi vulnerability. Attackers will often need to utilize creative solutions to exfiltrate data and further their attack. One example is appending exfiltrated data to a user-retrievable value within the database. The image below depicts a payload that stores data in a user&#8217;s profile image.
An attacker can subsequently retrieve the information by simply navigating to the image URL.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-style-default\"><img loading=\"lazy\" width=\"870\" height=\"99\" src=\"https:\/\/www.davincivirus.com\/wp-content\/uploads\/2021\/11\/imageExfiltration-1.jpg\" alt=\"\" class=\"wp-image-183\" srcset=\"https:\/\/www.davincivirus.com\/wp-content\/uploads\/2021\/11\/imageExfiltration-1.jpg 870w, https:\/\/www.davincivirus.com\/wp-content\/uploads\/2021\/11\/imageExfiltration-1-300x34.jpg 300w, https:\/\/www.davincivirus.com\/wp-content\/uploads\/2021\/11\/imageExfiltration-1-768x87.jpg 768w\" sizes=\"(max-width: 870px) 100vw, 870px\" \/><\/figure>\n\n\n\n<h2>Remediation<\/h2>\n\n\n\n<p>Parameterized statements output-encode any values being appended to a SQL command. This will almost always prevent exploitation.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" width=\"663\" height=\"131\" src=\"https:\/\/www.davincivirus.com\/wp-content\/uploads\/2021\/11\/parameterizedQueries.jpg\" alt=\"\" class=\"wp-image-176\" srcset=\"https:\/\/www.davincivirus.com\/wp-content\/uploads\/2021\/11\/parameterizedQueries.jpg 663w, https:\/\/www.davincivirus.com\/wp-content\/uploads\/2021\/11\/parameterizedQueries-300x59.jpg 300w\" sizes=\"(max-width: 663px) 100vw, 663px\" \/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>A SQL injection (SQLi) occurs when an unfiltered user parameter is rendered as executable logic by a database management system&hellip; <a class=\"read-more\" href=\"https:\/\/www.davincivirus.com\/?p=174\">Continue 
Reading<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[9],"tags":[],"_links":{"self":[{"href":"https:\/\/www.davincivirus.com\/index.php?rest_route=\/wp\/v2\/posts\/174"}],"collection":[{"href":"https:\/\/www.davincivirus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.davincivirus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.davincivirus.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.davincivirus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=174"}],"version-history":[{"count":3,"href":"https:\/\/www.davincivirus.com\/index.php?rest_route=\/wp\/v2\/posts\/174\/revisions"}],"predecessor-version":[{"id":184,"href":"https:\/\/www.davincivirus.com\/index.php?rest_route=\/wp\/v2\/posts\/174\/revisions\/184"}],"wp:attachment":[{"href":"https:\/\/www.davincivirus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=174"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.davincivirus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=174"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.davincivirus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=174"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}