What is SQL Injection
When a web application fails to validate or escape user-supplied input before using it to build a SQL query, an attacker can enter input that is interpreted as part of the SQL statement rather than as data. This lets the attacker read data the application never meant to expose, and depending on the database account's privileges, modify or delete data, gain total control of the database, or even execute commands on the underlying system.
Detecting SQL Injection
The first step is to inventory the web pages that accept user input and connect to a backend database server for data access.
The second step is to identify every input field (including hidden fields and URL parameters) whose value is used to build a SQL query.
The third step is to test the application for SQL injection using the following procedure:
- Enter a semicolon (;) or a single quote (') in the input field.
- If the input is not filtered or escaped correctly, the database will typically return a syntax error, which tells you that the input reaches the query as SQL rather than as data. The absence of an error does not prove the field is safe, since many applications suppress database error messages.
- SQL comment sequences (--) and keywords such as OR and AND can also be used to test the field: an input such as ' OR '1'='1 that returns more rows than the legitimate value, or ' AND '1'='2 that returns fewer, shows that the input is changing the logic of the query.
Avoiding SQL Injection
Web programming best practices should include:
- Validate user input by checking its length, type, format and range before it is used.
- When possible, reject input values that contain a semicolon (;), a single quote ('), the comment delimiters (--) and (/*…*/), and the xp_ prefix used by SQL Server extended stored procedures such as xp_cmdshell. Such character filtering is a secondary control that attackers can often work around with encoding or alternative syntax, so it should not be the only defence.
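The following is an added example, not code from the original page. It builds a deliberately vulnerable user lookup on an in-memory SQLite table, runs the probes from the detection steps above (single quote, comment, OR/AND) against it, and then applies the avoidance steps: a validation routine that checks type, length and format and rejects the listed delimiters and the xp_ prefix, followed by a parameterized query. It goes one step beyond the page by also showing a lookup that relies on parameter binding alone, to make the point that binding, not character filtering, is what keeps the quote from being parsed as SQL. The table, column names, username policy and sample rows are all constructed for this example.

```python
"""Added example: vulnerable vs. hardened SQL lookup, with the manual probes
from the detection procedure run against each. Uses only the standard library."""
import re
import sqlite3
from typing import Callable, Dict, List, Optional


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a users table with three rows (not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


# --- Vulnerable: user input is concatenated straight into the SQL text. ---
def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> List[tuple]:
    sql = "SELECT id, username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


# --- Avoidance, step 1: validate length, type, format and range, and reject
#     the delimiters listed on the page. The username policy is an assumption. ---
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")
REJECT = ("'", ";", "--", "/*", "*/", "xp_")


def validate_username(username: object) -> Optional[str]:
    """Return None if the value is acceptable, otherwise the reason it was rejected."""
    if not isinstance(username, str):
        return "wrong type"
    lowered = username.lower()
    for bad in REJECT:
        if bad in lowered:
            return "contains " + repr(bad)
    if not USERNAME_RE.fullmatch(username):
        return "bad format or length"
    return None


# --- Avoidance, step 2: bind the value as a parameter so it is sent as data. ---
def lookup_parameterized(conn: sqlite3.Connection, username: str) -> List[tuple]:
    """Binding alone, no filtering: any payload is matched literally as a username."""
    return conn.execute(
        "SELECT id, username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def lookup_hardened(conn: sqlite3.Connection, username: str) -> List[tuple]:
    """Validation from the page's list, then a parameterized query."""
    reason = validate_username(username)
    if reason is not None:
        raise ValueError("rejected input: " + reason)
    return lookup_parameterized(conn, username)


# --- Detection: the probes from the third step, run against any lookup. ---
PROBES = ["alice", "'", "alice'--", "' OR '1'='1", "alice' AND '1'='2"]


def probe(conn: sqlite3.Connection, lookup: Callable) -> Dict[str, str]:
    """Record what each probe produced:
    'error'    -> the database raised a syntax error: input reached the SQL unescaped
    'rows=N'   -> the query ran and returned N rows
    'rejected' -> input validation refused the value before any query was built
    """
    results: Dict[str, str] = {}
    for payload in PROBES:
        try:
            results[payload] = "rows=%d" % len(lookup(conn, payload))
        except sqlite3.DatabaseError:
            results[payload] = "error"
        except ValueError:
            results[payload] = "rejected"
    return results


if __name__ == "__main__":
    db = make_db()
    for name, fn in [("vulnerable", lookup_vulnerable),
                     ("parameterized only", lookup_parameterized),
                     ("hardened", lookup_hardened)]:
        print(name)
        for payload, outcome in probe(db, fn).items():
            print("  %-20r %s" % (payload, outcome))
```

Against the vulnerable lookup, the lone quote produces a syntax error (the detection signal from the second bullet), the comment payload returns the same row as the legitimate value, the OR payload returns every row, and the AND payload returns none: the input is rewriting the query. Against the parameterized lookup the same payloads simply match no user, which is why binding is the primary control; the hardened lookup adds the page's validation rules in front of it and refuses the payloads before a query is ever built.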
Please refer to the following links for more detailed information on SQL injections