About
About the project
- What is SQLi?
- The SQLi Hacker Challenge Overview
- Developer FAQ
- Roadmap
A SQL injection (SQLi) is a type of cybersecurity attack that targets data-driven applications by inserting or "injecting" malicious Structured Query Language (SQL) statements into an input field of a web page. A successful SQLi can allow an attacker to read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, or even gain root access to the system itself.
Look at the following example, which creates a SELECT statement by adding a variable (user_id) to the end of it. The variable is fetched from the input() function.
```python
user_id = input("User ID: ")
SQL_statement = f"SELECT * FROM Users WHERE user_id = {user_id};"
```

The purpose of the code is to create a SQL statement that selects a user with a given user_id. If there are no security measures in place, a user can enter crafted data into the input field, such as:

```
User ID: 76 OR 1=1
```

This would create the following SQL statement:

```sql
SELECT * FROM Users WHERE user_id = 76 OR 1=1;
```

The above SQL statement is valid and will return ALL rows from the "Users" table, since OR 1=1 is always TRUE. If the "Users" table contains usernames and passwords, a hacker would get access to all the usernames and passwords in the database simply by inserting OR 1=1 into the input field.