Flaws of SQL Injection/Queries

by Vincent S
All students in the class have at least taken beginning java programming and are therefore familiar with sql injections.  Many of us have even had professors who demonstrated in class how simple java programs can be combined with a sql injection in order to return certain private values saved on the local host. Because we are beginning our lessons on sql, I decided to post an article on certain sql injection or query flaws that can be used maliciously against unsuspecting users.

Anytime a web based application is paired with the ability to perform a system call (a system call refers to any command associated with a program that goes beyond the scope of the program and uses some sort of external call that allows some requested value from the host computer to be returned to the program to be used), the local host using the application is vulnerable to unintended consequences.  Some web base database applications use shell commands or sql injections or queries to retrieve some data from the local machine.  If the application is improperly coded, certain values that were not intended to returned will be returned.  One classic example is to use an sql query with a modified constraint clause that returns anything where 1=1.  This will return values relating to passwords on the host machine because password verification is  a common situation in which the computer returns all instances in which a value was checked and agreed to be equal with a another pre-determined value.

I found this article to be relevant because now that we are beginning to use sql in this class, it is important to see the full capabilities of this program.  It is always interesting to see what creative ways hackers come up with for exploiting malicious forms of code.  Problems like the ones mentioned in this article though are usually easy to avoid as long as the user understands the perceived threat.

 

Citation

SQL injection. (2012, February 8). In Wikipedia, The Free Encyclopedia. Retrieved 21:15, February 13, 2012, from http://en.wikipedia.org/w/index.php?title=SQL_injection&oldid=475678267