Hackers attempt to steal the data stored in the backend database. To store and extract data, website admins prefer an SQL database.
Through PHP, they link the information to be displayed and stored with the database. The information is stored in the SQL database.
In order to access the database in the backend, we need a username, a password and the database name.
But there are a few ways through which the data stored in the database can be extracted without having those credentials. That is what we term SQL injection.
As the term denotes, through SQL injection an attacker finds an injection point in a website which is vulnerable. He executes SQL queries (payloads) in an input field of the website, and the server responds with some information if it is vulnerable.
This is how SQL injection takes place. The attacker must find the correct injection point to execute the payloads. Mostly the injection point would be the URL. A SQL vulnerable URL will look like
Where id is the parameter and 10 is the value of that parameter. The index.php in the URL denotes that the website is built with PHP, and PHP is used as the medium to send and receive data from the database.
We cannot hack a static HTML website using SQL injection. So, a SQL vulnerable URL will have .php in its URL along with a parameter and value. Use Google dorks to find such vulnerable websites.
To confirm whether the website is vulnerable to SQL injection, add a single quote at the end of the URL and hit enter. If you receive any kind of SQL error, the website is obviously vulnerable to SQL injection.
Sometimes the website may trigger an SQL error, but we may not be able to inject our payloads. This is due to the presence of a firewall.
Such firewalls block the payloads and instead show a 404 error page or redirect the vulnerable URL to some other page.
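Why the single-quote test produces an SQL error, and how a prepared statement removes it, shown as an added example that is not from the original article. The products table, its constructed row and both function names are hypothetical, and an in-memory SQLite database stands in for the site's backend.

```php
<?php
// Added example: names and data are hypothetical/constructed.
// Requires the pdo_sqlite extension.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO products VALUES (10, 'Sample item')");

// Vulnerable pattern: the parameter value is pasted into the SQL text,
// so the database parses whatever the client sent as part of the query.
function lookupConcatenated(PDO $db, string $id): string
{
    try {
        $sql = "SELECT name FROM products WHERE id = '$id'";
        $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
        return $row ? $row['name'] : 'not found';
    } catch (PDOException $e) {
        // A stray quote unbalances the string literal; this is the SQL
        // error that the single-quote test provokes.
        return 'SQL error';
    }
}

// Hardened pattern: the SQL text is fixed and the value is bound as a
// parameter, so it is only ever compared as data, never parsed as SQL.
function lookupPrepared(PDO $db, string $id): string
{
    $stmt = $db->prepare('SELECT name FROM products WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['name'] : 'not found';
}

// "10" is the value from the article; "10'" is the same value with the
// single quote appended.
foreach (['10', "10'"] as $id) {
    printf("%-4s concatenated: %-12s prepared: %s\n",
        $id, lookupConcatenated($db, $id), lookupPrepared($db, $id));
}
```

In production the caught exception should be logged server-side and a generic error page returned, so database error text never reaches the client.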
A SQL database is like a matrix. A matrix has rows and columns, whereas a SQL database has tables and columns.
These tables are the alternative for rows. A table is a subcategory of a database. For example, if E-commerce is the database, then Admin, Customers, Orders and Invoice are example tables of that database.
The tables contain columns where the data is stored as rows. For example, the Admin table has username and password columns.
If we inject into that column, we can get the credentials of the admin. Before injecting into that column, we must find the name of the database and all the tables it contains, along with the columns in those tables.
Once we have all this information, we have to select the column and extract the data in the backend. All of this extraction can be achieved using SQL payloads.
A SQL payload is nothing but an SQL query executed through the input area of a website. Input area commonly means the URL.
So, the attack can be executed by loading the injectable URL with malicious SQL queries.
SQL injection attacks can be carried out by two methods:
1) Manual SQL injection
2) Automated SQL injection