How basic SQL injection works - with a demo
MarcusWeinberger (48)

In this tutorial, we are going to be targeting my 'vulnerable cloud storage' program (https://vulnerable-cloudstorage--marcusweinberger.repl.co). Users can store and read data once they have authenticated. Usernames and passwords are stored in a sqlite3 database.

For this demo, the user 'test' has been added with a password of 'test' and has 4 files containing irrelevant data. The first example of SQL injection can be seen on line 13. In the request, you are supposed to supply a username and password. However, as you can see, this is not a regular password.

We gave the password "x' OR '1'='1" with the username "test". When inserted into the SQL command on the server, the command will look like this:

SELECT ID FROM USERS WHERE USERNAME='test' AND PASSWORD='x' OR '1'='1'

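What we have just done is take advantage of poorly written code to make the server execute a command that was not intended. Because AND binds more tightly than OR, the WHERE clause is read as (USERNAME='test' AND PASSWORD='x') OR '1'='1', and since '1'='1' is always true, the query returns a result even though the password is wrong. The simple mistake I (purposefully) made in my code is using %s to format the user's input into the SQL string. In sqlite3, the correct way to do this is to put question marks in place of the data, without any quotation marks, and pass a tuple with the data in the arguments.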

To learn more about input sanitization and good practice, look here: https://www.hacksplaining.com/prevention/sql-injection

Anyway, this script uses SQL injection to bypass all authentication and replaces all the user's data with random characters.

SQL injection is the most common vulnerability found in websites. It is an easy mistake to make and can have devastating results, like someone gaining complete access to your server or looking at confidential information (e.g. passwords).
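
The %s mistake and the question-mark fix described above, side by side, as an added example that is not the tutorial's own server code. The table layout follows the query shown earlier; the in-memory database, the second user 'alice' and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the tutorial's USERS table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE USERS (ID INTEGER PRIMARY KEY, USERNAME TEXT, PASSWORD TEXT)"
    )
    # 'test'/'test' is the demo user from the tutorial; 'alice' is constructed.
    db.executemany(
        "INSERT INTO USERS (USERNAME, PASSWORD) VALUES (?, ?)",
        [("test", "test"), ("alice", "correct horse")],
    )
    return db


def login_vulnerable(db, username, password):
    # The mistake: user input is pasted into the SQL text with %s, so a quote
    # in the input ends the string literal and the rest is parsed as SQL.
    query = "SELECT ID FROM USERS WHERE USERNAME='%s' AND PASSWORD='%s'" % (
        username,
        password,
    )
    return sorted(row[0] for row in db.execute(query))


def login_safe(db, username, password):
    # The fix: ? placeholders with no quotes, values passed as a tuple.
    # sqlite3 binds them as data, so they can never change the query's shape.
    query = "SELECT ID FROM USERS WHERE USERNAME=? AND PASSWORD=?"
    return sorted(row[0] for row in db.execute(query, (username, password)))


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # the password value quoted in the tutorial
    print("vulnerable, crafted password:", login_vulnerable(db, "test", crafted))
    print("safe, crafted password:      ", login_safe(db, "test", crafted))
    print("safe, real password:         ", login_safe(db, "test", "test"))
```

With the formatted query, the crafted password matches every row in the table, not only the 'test' user; with placeholders it is compared as a literal string and matches nothing.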

HappyFakeboulde (211)

solution to sql injection risk: don't use sql

MarcusWeinberger (48)

@HappyFakeboulde SQL is very useful and is used everywhere, it's not hard to protect against SQL injection and using SQL can be very helpful.

MarcusWeinberger (48)

@HappyFakeboulde get the hell out of here with that garbage does this look like reddit to you

HappyFakeboulde (211)

@MarcusWeinberger people say r/whoooosh outside of reddit

MarcusWeinberger (48)

@HappyFakeboulde and it's horrible and needs to stop, I would say r/ihavereddit but that's hypocritical

HappyFakeboulde (211)

@MarcusWeinberger well, it's not going to stop
accept it

MarcusWeinberger (48)

@HappyFakeboulde i will continue to fight the good fight