What is an SQL Injection Attack?
SQL injection is a well-known security vulnerability in which the attacker manipulates queries to perform malicious actions on a security-sensitive database. By exploiting SQLi vulnerabilities, attackers aim to gain unauthorized access to database servers and even modify or delete crucial information stored in the database. In some extreme cases, an SQL injection attack can be used to gain elevated privileges to perform more damaging attacks.
SQLi attacks can be classified into three broad categories depending on the way access to back-end data is gained.
Different types of SQL Injection Attacks:
1) In-band SQLi:
It is the simplest yet most efficient type of SQL injection attack. In such an attack vector, the same communication channel is used to perform the attack and gather the results. It is also known as “Classic SQLi”.
There are two sub-variations of this type of SQLi attack:
Error-based SQLi: In this SQLi attack, the attacker relies solely on the error messages generated by the database server. A detailed error message alone is sometimes sufficient for the attacker to gather the relevant information about the database infrastructure.
Union-Based SQLi: In this attack vector, multiple SELECT statements are merged by using the UNION keyword in order to get the desired output.
2) Inferential SQLi:
In inferential SQLi attacks, no data is actually transferred between the database and the attacker. That’s why such SQLi attacks are also known as Blind SQL Injection attacks. Attackers send payloads and then use the response time and behavioral patterns of the database server to learn more about the database infrastructure. This type of SQLi attack can be further categorized into two types:
Time-Based SQLi: When the attacker sends an SQL query that forces the database to wait for a few seconds before responding, it is called a time-based SQLi attack. The response time indicates whether the outcome of the query was true or false.
Boolean SQLi: Here, the server produces a true or false result on the basis of the SQL query sent by the attacker.
3) Out-of-band SQLi:
One of the rarer but equally effective types of SQLi attack, it depends on the server’s ability to make HTTP requests to deliver data to the attacker. Out-of-band SQL injection is generally an attacker’s last resort when he/she is unable to use the same channel to launch the attack and gather results, or when the server responses are unstable, making inferential attacks infeasible.
How to prevent SQL injection attacks:
- Increase awareness about the risks related to malicious SQL queries.
- Ensure that the input from the user is sanitized and kept in check.
- Keep a database of whitelisted and blacklisted users to prevent malicious users from executing SQL queries.
- Enforce the use of the latest versions of the development environment and languages.
- Periodically perform a scan of the web applications to find out any possible vulnerabilities and threats.
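
The advice above to keep user input in check, together with the error-based variant described earlier, as an added example that is not part of the original article: the same lookup written with string concatenation and with a bound parameter plus generic error reporting. Parameter binding is a technique the article does not name; the `users` table, the function names, the 64-character limit and the sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: an in-memory database with two users.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("O'Brien", "obrien@example.test")],
    )
    return db

def find_user_unsafe(db, name):
    # Weak form: the input is pasted into the SQL text, so a quote in the
    # input changes the structure of the statement. The raw database error
    # is also handed back to the caller, which is the detailed feedback
    # that error-based SQLi relies on.
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "database error: " + str(exc)

def find_user_safe(db, name):
    # Hardened form: check the input first (hypothetical 64-character
    # limit), then bind it as a parameter so the driver only ever treats
    # it as data. Database errors are reported generically.
    if not isinstance(name, str) or not 0 < len(name) <= 64:
        return "invalid input"
    try:
        return db.execute(
            "SELECT name, email FROM users WHERE name = ?", (name,)
        ).fetchall()
    except sqlite3.Error:
        return "request failed"

if __name__ == "__main__":
    db = make_db()
    # A legitimate name containing a quote is enough to break the weak form.
    print(find_user_unsafe(db, "O'Brien"))
    print(find_user_safe(db, "O'Brien"))
```

In the weak form, an ordinary surname with an apostrophe already breaks the statement and exposes the database's own error text; the bound-parameter form returns the matching row.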