Learning SQL For SQL Injections

Whenever you interact with a website that retains information such as username and password, pictures, accounts information, etc., it gives you the ability to search for this information. This means it’s keeping that information in a database. A database language is the backend programming language that enables you to search for things by name and have that information presented to you. Computer hackers have found a way to use this to their advantage. By inserting SQL queries directly into an input form, a hacker can circumvent a website’s normal security controls and extract the information they want directly from the database. These can be usernames, passwords, email addresses, social security numbers, and any other type of personal information that they want. To understand how to protect your website from this attack, you need to understand how this attack works.

The overall goal of an SQL injection is to extract information from the backend database. This usually uses three clauses (“SELECT,” “FROM,” “WHERE”). Here’s an example of an SQL query that will return a list of user names from a database.

This statement gives us their UserId, Name, and password in just one query. As you could imagine, by simply changing the variables in this statement, you can access any information within the database once you know the name of the item for which you are looking. To execute these queries, you need to find a portion of the website that accepts user inputs. This can be a username & password login form and even the comment section of the webpage.

The image below is from an open-source web application called damn vulnerable web application (DVWA), a purposely vulnerable web application that you can download to practice SQL injection.

Where to learn SQL injections:

W3schools: This website has several free tutorials on several programming languages, including dedicated solely to SQL injections. It teaches how to perform SQL injection, but it teaches the SQL language’s overall principles to understand better how it works. Therefore you will be able to create more precise and powerful queries.

Hacksplaining: This website gives basic cybersecurity tutorials about many different types of vulnerabilities, including SQL injections. The walkthroughs are more interactive than w3schools, but it doesn’t have the same depth of information. It’s a good place to understand how it works, and from there, you can expand.

DVWA: Damn vulnerable web application, this a great place to practice what you have learned. This application comes with multiple levels of difficulty, so you can practice with a simple hack at first and move up a few tiers to learn how to get around stronger security.

Recap

While SQL is usually used to create, delete and modify databases by the administrator, hackers can extract information from the database if the application doesn’t have the proper input validation. This is done through queries submitted via input forms on the website, including comment sections and username and password input fields.