SQL injection attacks involve inserting or "injecting" SQL queries through client input to the application. A successful attack of this type can be used to read sensitive information from the database and modify or delete it. In the most extreme cases, it allows you to issue system commands.
The following is a dangerous piece of code that can be used to perform a SQL injection attack:
SELECT * FROM users WHERE name = userName;
The variable "userName" is retrieved from the user. If an attacker names 'OR' 1 '='1' as their username, this will force the correct user name to be selected because the expression '1' = '1' is always true.
You can use a tool called sqlmap to test sql injectionvulnerabilities, which automatically is able to find and use the ability to inject SQL queries. It supports six sql injectiontechniques : logic-based, blind, error-based, UNIONqueries, cumulative queries, and OOB attacks. Allows you to attack MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB, and Informix databases.
The figure below shows an example of using sqlmap,which, using heuristic tests, detected that the id parameter may be vulnerable to sql injection attack in the query being tested.
