Working of SQL Injection Attacks

SQl injection is a vulnerability that allows an attacker to influence the queries that are passed to the back-end database. It has been present since the time databases have been attached to the web applications. Before understanding the how SQL injection attacks we need to understand the Simple Three Tier Architectureor a Four Tier Architecture.This will clear your basics and give you a rough idea of how database-driven web applications work. Three Tier Architecture In a simple three tier datbase-driven architecture the three layers that are used are:- 1. Presentation Tier(Browsers) 2. Logic Tier 3. Storage Tier(Database) The three tier architecture follows a linear relationship i.e Presentation Tier connects to the Logic Tier and theLogic Tier connects to the Storage Tier Presentation Tier <–> Logic Tier <--> Storage Tier Suppose you connect to the http://www.website.com using his web browser.This is your presentation tier.Now the web server residing in the logic tier will load the script for the entered url and will pass it to the scripting engine which will parse and execute the script.It will also open a connection to the database i.e Storage Tier .It will perform the queries and the data from the database is transferred to the logic tier which will now convert into HTML which is rendered by the Browser. Four Tier Architecture In Four Tier Architecture an layer of Application Server is inserted between a web server and the database. 1. Presentation Tier(Browsers) 2. Logic Tier 3. Application Tier 4. Storage Tier(Database) In four tier architecture the connection to the database is opened by application server which has Application Programming Interface (API) that implements the business logic before transferring the data to the Logic tier. Presentation TierLogic Tier Application Server Storage Tier Working Of SQL Injection SQL injection can be used using various methods.In this page I will explain to the basic concepts behind the SQL injection. Suppose you are on a shopping site and you have selected the option of showing all the accessories that costless then 200$ and its Url is like http://www.shoppingsite.com/products.php?val=100 To test this website for SQL injection try appending your SQl injection commands in the val parameter ‘OR ‘1’=’1 http://www.shoppingsite.com/products.php?val=100’OR’1’=’1 If the above injection works and shows the list of all the accessories then the website is vulnerable to this type of SQL injection This means that at the backend the script will be executed as shown: SELECT * FROMProductstbl WHEREPrice<’200.00’ OR ‘1’=’1’ ORDER BYProductdescription As the condition 1=1 so this will give you list of all the products How this SQL injection Attack Can Be Harmful Suppose a website uses the following url for logging into admin panel http://www.website.com/cms/login.php?username=saini&password=go now if the above website is vulnerable to the SQL injection as mentioned in the above example then by entering any username and password in the url you can login http://www.website.com/ms/login.php?username=dnt&password=dnt’OR’1’=’1 so you will just login without valid username and password to the admin panel of a website. NOTE:"The Above Information is Only For Education purposes and to make our Users beware of Threats,plz DO NOT Misuse your Knowledge"