SQL injection is a code injection technique that can destroy your database. It is one of the most common web hacking techniques: the placement of malicious code in SQL statements via web page input.
SQL injection usually occurs when you ask a user for input, like their username/user id, and instead of a name/id the user gives you an SQL statement that you will unknowingly run on your database.
Look at the following example, which creates a SELECT statement by appending a variable (txtUserId) to a select string. The variable is fetched from user input (getRequestString):
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
The rest of this chapter describes the potential dangers of using user input in SQL statements.
SQL Injection Based on 1=1 is Always True
Look at the example above again. The original purpose of the code was to create an SQL statement to select a user, with a given user id.
If there is nothing to prevent a user from entering "wrong" input, the user can enter some "smart" input like this:
UserId: 105 OR 1=1
Then, the SQL statement will look like this:
SELECT * FROM Users WHERE UserId = 105 OR 1=1;
The SQL above is valid and will return ALL rows from the "Users" table, since OR 1=1 is always TRUE.
Does the example above look dangerous? What if the "Users" table contains names and passwords?
The SQL statement above is much the same as this:
A hacker could get access to all the user names and passwords in the database simply by inserting 105 OR 1=1 into the input field.
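The following is an added example, not code from the original article: it builds a small SQLite table of constructed sample users, runs the concatenated query from the example above with the input 105 OR 1=1, and then runs the same lookup as a parameterized query with input validation (the protection the conclusion recommends). It also shows why the apostrophe quick test described later produces a database error on the vulnerable version. Table and row values are invented for the demonstration.

```python
import sqlite3

# Constructed sample data for the demo; not from the original article.
USERS = [
    (105, "alice", "hunter2"),
    (106, "bob", "s3cret"),
    (107, "carol", "letmein"),
]


def make_db():
    """Create an in-memory Users table like the one the article describes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserId INTEGER, Name TEXT, Password TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?, ?)", USERS)
    return conn


def vulnerable_lookup(conn, txt_user_id):
    """Mirrors txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId.
    The user's text becomes part of the SQL, so it can change the query."""
    txt_sql = "SELECT * FROM Users WHERE UserId = " + txt_user_id
    return conn.execute(txt_sql).fetchall()


def safe_lookup(conn, txt_user_id):
    """Validate the input as an integer and bind it as a query parameter.
    The driver sends the value separately from the SQL text, so it is only
    ever compared as a value and never parsed as part of the statement."""
    try:
        user_id = int(txt_user_id)
    except ValueError:
        return []  # "105 OR 1=1" is not a user id: reject it outright
    return conn.execute("SELECT * FROM Users WHERE UserId = ?", (user_id,)).fetchall()


def quote_triggers_error(conn):
    """The article's quick test: an unbalanced apostrophe breaks the SQL syntax
    of the concatenated query, which is why an error (or a blank page) appears."""
    try:
        vulnerable_lookup(conn, "1'")
    except sqlite3.OperationalError:
        return True
    return False


def demo():
    conn = make_db()
    return {
        "vulnerable_benign": len(vulnerable_lookup(conn, "105")),      # 1 row
        "vulnerable_malicious": len(vulnerable_lookup(conn, "105 OR 1=1")),  # all 3 rows
        "safe_benign": len(safe_lookup(conn, "105")),                  # 1 row
        "safe_malicious": len(safe_lookup(conn, "105 OR 1=1")),        # 0 rows
        "quote_error": quote_triggers_error(conn),                     # True
    }


if __name__ == "__main__":
    print(demo())
```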
Put simply: even if you are not a professional, there are several easy ways to find out whether your website has this SQL injection vulnerability. First, if your site has IDs in its links, for example a URL like www.yoursite.com/news.php?id=1, you can do a quick test by adding an apostrophe (') so that the URL becomes www.yoursite.com/news.php?id=1'
If the page is vulnerable to SQL injection, errors will show up or some elements of the page will disappear. IMPORTANT: this is only a quick test. If you see no errors and nothing disappears, that does not mean you are free of the vulnerability; to be sure, there is a more professional way.
sqlmap is a tool written in Python that is easy to use even for amateurs; you can download the script from the official sqlmap website.
You should test your site on localhost, not on your live server, to avoid getting banned by your hosting provider.
After you have checked whether your site has a SQL injection vulnerability, how do you fix it?
SQL injection protection: conclusion
Prevention techniques such as input validation, parametrized queries, stored procedures and escaping work well against various attack vectors. However, because SQL injection attacks vary so widely in their patterns, these techniques on their own are often unable to protect databases.
Therefore, if you want to cover all bases, you should apply the above-mentioned strategies in combination with a trusted WAF. The primary WAF benefit is that it provides protection for custom web applications that would otherwise go unprotected, without having to change the application itself.
If you need more detailed control, higher security and lower latency, then the Positive Technologies WAF can help.
- PT WAF does not interfere with the performance of your virtual infrastructure.
- We offer innovative solutions for mitigating SQL injections, XSS, DDoS and zero-day attacks (to name a few), and threat triaging is done in an automated manner.
- There are multiple deployment options, including cloud, hardware or virtual appliance.
- Our WAF solution also helps you cost-effectively satisfy PCI requirements.
When it comes to configuring, PT WAF takes the time to get to the heart of what matters – because it’s our mission to ensure that our clients’ businesses are never interrupted.
As a leading provider of security solutions, we are committed to continuous improvement, research and practical penetration testing. Test your website today with PT BlackBox Scanner: it’s simple, accurate and free.
You also need to fix it at the code level, because some WAFs can be bypassed!
If you don't have that much experience, you can ask a security professional for further help.