What is SQL Injection in Testing?



This post talks about SQL injection: how to test for it, prevention mechanisms, an example attack, and its types.

SQL Injection

Injection attacks exist on many technologies. They happen when there is no strict separation between program instructions and user input.
The typical structure of a program is:

|input| --> | internal logic | --> |output|

So a program expects input for the system to run, and if proper restrictions are not put on that input, an attacker can interrupt the system.
Injection refers to adding an instruction to the existing query.

An injection attack requires three components:
1. Technology identification
2. Transmission process
3. Inputs that are prone to attack

Technology Identification:

This is the process where the attacker gains knowledge about the system: its web language or its hardware processing. The web language can often be identified by looking at the web page, but more details can be obtained by viewing:
1. Error pages
2. JavaScript error details
3. The page source
Any technology, if loosely coded, can be cracked by a smart hacker. The tools we use are:
1. Nessus
2. Nmap
3. THC-Amap

Transmission Process:

How do we send data to the server? Remember our college days, where we used to develop web-based projects... exactly: GET and POST.
GET sends the user input to the server through the URL.
POST sends the user input through SSL, that is, through a secure mechanism.

So if GET is used, people can easily manipulate the input. Now hackers are smarter; they can also manipulate:
1. Hidden HTML form fields
2. HTTP headers
3. Cookies


Even back-end Asynchronous JavaScript and XML (AJAX) requests can be manipulated; a few days back Orkut was supporting these codes.
Tools are:
1. WebScarab
2. Burp

Inputs that are prone to attack: check the error page

Say there is a login page with an id and a password as input. The mechanism is that the user enters an id and a password and clicks the submit button.
The form sends the data in a secure manner:

<form name="form1" method="post">

Now the server catches the information with:

String username = req.getParameter("user_name");
String password = req.getParameter("password");

the query might be

select id from user_table where user_name='username' and password='password'

In the code, the SQL query is built as:

// Vulnerable: user input is concatenated directly into the SQL text
String query = "select id from user_table where user_name='" + username + "' and password='" + password + "'";
ResultSet rs = stmt.executeQuery(query);
int id = -1;

If the coder has not excluded the following vulnerability points in the backend SQL,

1. ' or 1=1 --
2. ') or 1=1 --

then they can trap the SQL:
select id from user_table where user_name='' or 1=1 --' and password='password'
In SQL, everything after -- is ignored; basically it tells the SQL parser that everything to the right of it is a comment, and the SQL engine ignores it.
So the query becomes:
select id from user_table where user_name='' or 1=1
The select statement matches either a zero-length user name or the condition 1=1, which is true.
Since 1=1 is always true, it will give all the user ids.
The important point here is that even if ' or 1=1 fails to get past the application's check, the application might give error messages such as:
1. Many ids are matching the same criteria on table XYZ
2. Error in query execution on table EMP_table
3. Sometimes it even reports the procedures in the error message along with the table.
This is all a hacker requires... so he will succeed.
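As an added example (not code from the original post), here is the post's login query run against an in-memory SQLite database in Python rather than the post's Java, with the same string-built query beside a parameterized version that treats the ' or 1=1 -- input as plain data; the table rows are constructed for the demo.

```python
import sqlite3

# Constructed sample rows for this demo; not data from any real system.
# Passwords are stored in plaintext only to mirror the post's query.
USERS = [(1, "alice", "s3cret"), (2, "bob", "hunter2")]


def make_db():
    """Build an in-memory user_table matching the post's schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table user_table (id integer, user_name text, password text)")
    conn.executemany("insert into user_table values (?, ?, ?)", USERS)
    return conn


def login_concat(conn, username, password):
    """Vulnerable: the post's string-built query. User input becomes SQL text."""
    query = ("select id from user_table where user_name='" + username
             + "' and password='" + password + "'")
    return [row[0] for row in conn.execute(query)]


def login_param(conn, username, password):
    """Hardened: placeholders keep the input as data; it is never parsed as SQL."""
    query = "select id from user_table where user_name=? and password=?"
    return [row[0] for row in conn.execute(query, (username, password))]


if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1 --"
    print("concat, normal login:", login_concat(db, "alice", "s3cret"))
    print("concat, payload     :", login_concat(db, payload, "x"))  # every id
    print("param, payload      :", login_param(db, payload, "x"))   # no match
```

The parameterized form is the prevention mechanism the post refers to: the driver sends the query text and the values separately, so the comment marker and the or 1=1 never reach the SQL parser as syntax.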


Most web forms have no mechanisms in place to block such user input, so this is a scope for the test engineer.
Just remember two things:
1. It will not give a tabulated output.
2. This is a mechanism that inserts a query inside of another query.

