SQL injection is a code injection technique used to attack data-driven applications. It occurs when malicious SQL statements are inserted into an entry field for execution. An SQL injection always exploits a security vulnerability in the application's software, for example when user input is incorrectly filtered for string-literal escape characters embedded in SQL statements, or when user input is not strongly typed and is unexpectedly executed.
SQL injection is mostly known as an attack vector against websites, but it can be used to attack any type of SQL database. It is considered one of the top-rated attacks in web application security. There are four main sub-classes of SQL injection:
- Classic SQL
- Blind or Inference SQL injection
- Database management system-specific SQL injection
- Compounded SQL injection
SQL injection occurs in several different forms, including:
Incorrect Type Handling
This form of SQL injection occurs when a user-supplied field is not strongly typed or is not checked for type constraints. It typically arises when a numeric field is used in an SQL statement, but the programmer performs no real check to validate that the user-supplied input is actually numeric.
Incorrectly Filtered Escape Characters
This form of SQL injection occurs when user input is not filtered for escape characters and is then passed into an SQL statement. The result is that the end user of the application can potentially manipulate the statements executed against the database.
Blind SQL Injection
This is used when a web application is vulnerable to an SQL injection but the results of the injection are not visible to the attacker. The page with the vulnerability may not be one that displays data but will display differently depending on the results of a logical statement injected into the legitimate SQL statement called for that page. This attack may become time-intensive as a new statement must be crafted for each bit recovered. There are several tools that can automate these attacks once the location of the vulnerability and the target information has been fully established.
Second Order SQL Injection
This occurs when submitted values contain malicious commands that are stored rather than executed immediately. In some cases, the application correctly encodes an SQL statement and stores it as valid SQL. Later, another part of the application that lacks controls against SQL injection executes that stored SQL statement. This attack requires more knowledge of how submitted values are later used. Automated web application security scanners do not easily detect this type of SQL injection and may need to be manually instructed where to check for evidence that it is being attempted.
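As an added example (not code from the original page), the following Python/sqlite3 script with constructed sample data contrasts a query built by string concatenation with one using bound parameters, enforces the numeric contract described under Incorrect Type Handling, and shows the second-order pattern in which a safely stored value is later concatenated into a new statement. Table and column names are assumptions for the demonstration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data; an in-memory database keeps the example offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "O'Brien")])
    conn.commit()
    return conn


def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    # Vulnerable (incorrectly filtered escape characters): the input is pasted
    # into the statement text, so a quote in the input is parsed as SQL syntax.
    query = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    # Hardened: a bound parameter is always treated as a literal value, so an
    # apostrophe in a legitimate name such as O'Brien is handled correctly.
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


def find_user_by_id_safe(conn: sqlite3.Connection, raw_id: str) -> list:
    # Type handling: enforce that the field is numeric before it reaches SQL,
    # and still bind it as a parameter rather than formatting it into the text.
    if not raw_id.isdigit():
        raise ValueError("user id must be a non-negative integer")
    return conn.execute(
        "SELECT id, name FROM users WHERE id = ?", (int(raw_id),)).fetchall()


def audit_stored_unsafe(conn: sqlite3.Connection, user_id: int) -> list:
    # Second-order pattern: the name was stored safely with a bound parameter,
    # but this later query trusts the stored value and concatenates it.
    (name,) = conn.execute(
        "SELECT name FROM users WHERE id = ?", (user_id,)).fetchone()
    return conn.execute(
        "SELECT id FROM users WHERE name = '" + name + "'").fetchall()


def raises_sql_error(fn, *args) -> bool:
    # Helper: True when the statement text itself fails to parse, which is how
    # the concatenated versions react to an apostrophe in the data.
    try:
        fn(*args)
        return False
    except sqlite3.OperationalError:
        return True
```

Running `find_user_unsafe` and `find_user_safe` with the name `O'Brien` shows the difference directly: the concatenated query fails to parse, while the parameterized query returns the row.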