what is sql injection vulnerability
- 清浅Original
- 2019-05-11 10:01:179415browse
SQL injection vulnerability refers to inserting maliciously entered SQL commands into Web form submissions or entering query strings for domain names or page requests, ultimately tricking the server into executing malicious SQL commands
SQL injection vulnerability
As the name suggests, SQL injection vulnerability allows attackers to inject malicious input into SQL statements. To fully understand this problem, we first have to understand how server-side scripting languages handle SQL queries.
For example, suppose a function in a web application generates a string using the following SQL statement:
$statement = "SELECT * FROM users WHERE username = 'bob' AND password = 'mysecretpw'";
This SQL statement is passed to a function that sends the string to the connected A database where it is parsed, executed and the results returned.
You may have noticed that this statement contains some new special characters:
-
* : is the SQL database instruction to return all columns of the selected database row
=: is an instruction for the SQL database to only return values that match the searched string
' : used to tell the SQL database to search for a string Start or end position
Now consider the following example where a website user can change the value of "$user" and "$password", for example in a login form:
$statement = "SELECT * FROM users WHERE username = '$user' AND password= '$password'";
If the application does not sanitize the input, the attacker can easily insert any special SQL syntax into the statement:
$statement = "SELECT * FROM users WHERE username = 'admin'; -- ' AND password= 'anything'";= 'anything'";
admin'; - : is the attacker's input, which contains two New special characters:
; : Used to indicate to the SQL parser that the current statement has ended (not needed in most cases)
- : Instructs the SQL parser the remainder of the line
This SQL injection effectively removes password validation and returns the existing user's dataset, in this case " admin" attacker can now log in using an administrator account without specifying a password.
The above is the detailed content of what is sql injection vulnerability. For more information, please follow other related articles on the PHP Chinese website!