Sql Injection Attacks

Abstract

SQL injection is one of the most serious vulnerability for web-based applications. Exploitation of SQL injection attacks may result in undesirable consequences including but not limited to bypassing authentication, executing arbitrary commands on the database and denial of service. Therefore, there is a strong need for methods that can detect and prevent such attacks. In this survey we present a review on various types of SQL injection attacks and some of the well-known prevention techniques for web applications.

1. INTRODUCTION

SQL injection attacks are performed by an attacker who uses the query building techniques of the application as an exploit with the goal of forcing the application to perform an action in which it was not originally intended to do. The severity of such attacks can range from minor, such as an attacker stealing recipes from a subscription based cooking website, to major, such as an attacker stealing account information from a banking website. SQL injection attacks are common due to the fact that most developers view security as an optional afterthought coupled with the fact that protecting yourself from SQL injection attacks is a non-trivial practice. It is difficult to state that any one defense strategy is more effective than the rest. The reasoning behind the previous statement is that before selecting a strategy it is important to make yourself aware of the implementation and maintenance costs of that strategy in regards to your current system’s context. Furthermore, one should examine the importance of the data in which they are trying to protect; it may not be cost effective to implement an expensive strategy to protect public or harmless information. The following survey provides a description of the different forms of SQL injection attacks as well as a detailed review and analysis of some of the more popular detection and prevention techniques. As part of our analysis we have included a vision for the future of where we believe the implementation of SQL injection prevention techniques will be heading.

2. SQL INJECTION ATTACK TYPES

The following is a list of defined SQL injection attack types.

2.1. Tautologies: In tautology based attacks, the attacker injects a term in the conditional part of the SQL query so that the query always evaluates to true. This attack is used to bypass the authentication and access to important information by exploiting vulnerable input fields injected into the WHERE clause of the targeted query. For example, “SELECT * FROM users WHERE userid = '240' and password ='pass' OR 1=1 --”. The tautology statement added to the query “1=1” results in the expression always evaluating to true.

2.2. Illegal/Incorrect Queries: This attack allows the attacker to gain some useful information

...