SQL Injection

Many web applications connect to a database that stores all the information the application needs, and developers frequently use SQL ("Structured Query Language") to access database resources. SQL injection is a technique that lets attackers manipulate the SQL queries written by the web application's developers, often because of insufficient data sanitization.


In the request, Eve inputs: 1000' OR '1'='1, which causes the SQL query to return all rows because the condition always evaluates to true. The database treats the value as 1000 or 1=1, ensuring results are returned. This is one example of how SQL syntax can be exploited via injection.

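// Vulnerable login check: user input is placed directly into the SQL string.
// (Uses the legacy mysql_* extension, which was removed in PHP 7.)
$username = getUserName();
$pw = getPassword();
$user = mysql_query("SELECT * FROM userTable WHERE username = '$username' AND password = '$pw'");
// mysql_query() returns a result resource even when no rows match, so check the row count.
if ($user && mysql_num_rows($user) > 0) {
  $loggedIn = true;
} else {
  $loggedIn = false;
}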
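
The login check above, rebuilt as an added example (not code from the original lesson) so that the concatenated query can be compared with a parameterized one on Eve's input from the text. The use of PDO with an in-memory SQLite database, the sample accounts and the function names loginConcatenated and loginParameterized are assumptions made for the illustration.

```php
<?php
// Added example with constructed data; assumes the pdo_sqlite extension is enabled.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE userTable (username TEXT, password TEXT)");
// Plaintext passwords only mirror the lesson's schema; real code stores a
// password_hash() value and checks it with password_verify().
$db->exec("INSERT INTO userTable VALUES ('alice', 's3cret'), ('bob', 'hunter2')");

// Vulnerable: the lesson's pattern, input concatenated into the SQL text.
function loginConcatenated(PDO $db, string $username, string $pw): array {
    $sql = "SELECT username FROM userTable WHERE username = '$username' AND password = '$pw'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: placeholders keep the input as data; it is never parsed as SQL.
function loginParameterized(PDO $db, string $username, string $pw): array {
    $stmt = $db->prepare(
        "SELECT username FROM userTable WHERE username = :u AND password = :p"
    );
    $stmt->execute([':u' => $username, ':p' => $pw]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$eve = "1000' OR '1'='1";   // the input quoted in the lesson text

// Constructed test inputs: [username, password]
$cases = [
    'valid login'         => ['alice', 's3cret'],
    'wrong password'      => ['alice', 'nope'],
    'Eve, password field' => ['alice', $eve],
];
foreach ($cases as $label => [$u, $p]) {
    printf(
        "%-20s concatenated=%d row(s)  parameterized=%d row(s)\n",
        $label,
        count(loginConcatenated($db, $u, $p)),
        count(loginParameterized($db, $u, $p))
    );
}
```

With Eve's input, the concatenated query matches every row in the table because the trailing OR condition is parsed as SQL, while the parameterized query compares the whole string against the password column and matches nothing.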