What is SQL Injection?
SQL injection (SQLi) is a web security vulnerability that allows attackers to interfere with the queries an application makes to its database. It can allow attackers to view data they are not normally able to retrieve.
Types of SQL Injection
- In-band SQLi - Uses the same channel for attack and result retrieval
- Inferential SQLi (Blind) - No data transferred, inferred from behavior
- Out-of-band SQLi - Uses different channels for attack and data retrieval
Example Attack
-- Vulnerable query
SELECT * FROM users WHERE username = '$input';
-- Malicious input
' OR 1=1 --
-- Resulting query
SELECT * FROM users WHERE username = '' OR 1=1 --';Prevention
- Use prepared statements / parameterized queries
- Input validation and sanitization
- Least privilege database accounts
- Web Application Firewall (WAF)