{"id":445,"date":"2015-10-22T15:38:05","date_gmt":"2015-10-22T15:38:05","guid":{"rendered":"http:\/\/www.scmgalaxy.com\/tutorials\/2015\/10\/22\/sqj-injection\/"},"modified":"2017-12-15T23:13:25","modified_gmt":"2017-12-15T23:13:25","slug":"sqj-injection","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/sqj-injection\/","title":{"rendered":"SQL Injection: How to check or test for vulnerabilities"},"content":{"rendered":"<div><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-3090 aligncenter\" src=\"http:\/\/www.scmgalaxy.com\/tutorials\/wp-content\/uploads\/2015\/10\/sql-injection.png\" alt=\"sql-injection\" width=\"600\" height=\"400\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2015\/10\/sql-injection.png 600w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2015\/10\/sql-injection-300x200.png 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/div>\n<div><strong>SQL Injection<\/strong><\/div>\n<div>There are a number of ways of testing an application for vulnerabilities such as SQL Injection. 
The tests break down into three different methodologies:<\/div>\n<div><\/div>\n<div><strong>Blind Injection:<\/strong><\/div>\n<div><\/div>\n<div>MySQL example:<\/div>\n<div><\/div>\n<div>http:\/\/localhost\/test.php?id=sleep(30)<\/div>\n<div>If the database interprets this input as SQL, the page will take 30 seconds to load.<\/div>\n<div><\/div>\n<div><strong>Error Messages:<\/strong><\/div>\n<div><\/div>\n<div>http:\/\/localhost\/test.php?id='&quot;<\/div>\n<div>If error reporting is enabled and this request is vulnerable to SQL injection, the following error will be produced:<\/div>\n<div><\/div>\n<div>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '&quot;' at line 5<\/div>\n<div><\/div>\n<div><strong>Tautology Based Injection:<\/strong><\/div>\n<div><\/div>\n<div>http:\/\/localhost\/test.php?username=' or 1=1 \/*&amp;password=1<\/div>\n<div>Supplying a tautology, a statement that is always true, provides a predictable result. Here the predictable result would be logging in the attacker as the first user in the database, which is commonly the administrator.<\/div>\n<div><\/div>\n<div>There are tools that automate the use of the methods above to detect SQL Injection in a web application. 
Free and open source tools such as Wapiti and Skipfish do this.<\/div>\n<div><\/div>\n<div><strong>More &#8211;<\/strong><\/div>\n<div><\/div>\n<div><a href=\"http:\/\/stackoverflow.com\/questions\/10281349\/testing-if-a-site-is-vulnerable-to-sql-injection\" target=\"_blank\" rel=\"noopener\">http:\/\/stackoverflow.com\/questions\/10281349\/testing-if-a-site-is-vulnerable-to-sql-injection<\/a><\/div>\n<div><\/div>\n<div><a href=\"http:\/\/thecybersaviours.com\/how-to-find-out-if-a-website-is-vulnerable-to-sql-injection\" target=\"_blank\" rel=\"noopener\">http:\/\/thecybersaviours.com\/how-to-find-out-if-a-website-is-vulnerable-to-sql-injection<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"<p>SQL Injection There are a number of ways of testing an application for vulnerabilities such as SQL Injection. The tests break down into three different methodologies: Blind&#8230; <\/p>\n","protected":false},"author":1,"featured_media":3090,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[60],"tags":[931,493,929,932,430,930],"class_list":["post-445","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-testing-tools","tag-blind-injection","tag-mysql","tag-sql-injection","tag-tautology-based-injection","tag-test","tag-vulnerabilities"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/445","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=445"}],"version-history":[{"count":2,"href":"https:\/\/www.devopsschool.com\/bl
og\/wp-json\/wp\/v2\/posts\/445\/revisions"}],"predecessor-version":[{"id":3091,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/445\/revisions\/3091"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media\/3090"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=445"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=445"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=445"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}