SQL injection can be termed as a code injection attack since all queries in SQL are nothing but interpreted codes. SQL injection is one the most dangerous web application vulnerabilities and most attackers consider it as a cream part while hacking since it can allow attacker to take over database and take full control of it.
With time and tide web application security has evolved with respect to SQL injections since they were most common attacks used by attackers so today its little hard to find SQL injection vulnerabilities in web applications. But due to its large possibilities of attack styles SQL injection is one of the vastest topics that can be covered in web application security.
In fact even if you write a whole 500 plus pages book on SQL injection, effects, related strings and real attack strategies it’ll still remain incomplete. The guys who boast of knowing SQL injection completely I always doubt their words no matter how big his/her name may be in history of SQL injection.
In this post we will not cover real attack strategies but some basic commands related to SQL which will help you later to perform real attacks. All commands are tested on MYSQL.
create table website (name char(50), url char(100), topic char(20), type char(30));
Above query will create a table named website with name, URL, topic and type fields in it.
insert into website (‘XTRA WEB’ , ‘http://wp.me/43JdM’ , ‘Security’ , ‘Blog’);
Above query will add data to table website with
Name : XTRA WEB
You can add more data in database using above query.
set topic = ‘Hacking’ where name = ‘XTRA WEB’;
Above query will replace ‘security’ by ‘Hacking’ in topic field for ‘XTRA WEB’.
select * from website;
it will display all data in table website.
select * from website where topic = ‘security’ ;
it will display all data where topic is security
select name from website where topic = ‘security’;
it will display names of all websites where topic is security.
This post just meant for developing a little basics about SQL for those who want to learn SQL injection but are not aware of SQL. In next post to these I ‘ll demonstrate how above queries are responsible for performing attacks. Till then have a nice time, thanks for reading and keep visiting.