top of page

How Cybersecurity actors can compromise SQL - Example Courtesy of ChatGPT

​

A common way cybersecurity actors compromise SQL is through SQL Injection. This occurs when attackers exploit an application’s input-handling vulnerabilities to execute malicious SQL commands.​​​​​​

Here is an example: a login page that checks user credentials against a database. The server-side code might look like this:

import java.sql.*;

public class VulnerableLogin {
    public static boolean authenticate(String username, String password) {
        try (Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/mydb", "user", "password")) {
            Statement stmt = conn.createStatement();
            String query = "SELECT * FROM users WHERE username = '" + username + "' AND password = '" + password + "'";
            ResultSet rs = stmt.executeQuery(query);
            return rs.next(); // Returns true if a matching record is found
        } catch (SQLException e) {
            e.printStackTrace();
            return false;
        }
    }
}
 

The Attack Works this way:

  1. Malicious Input: An attacker enters the following credentials:

    • Username: admin' --

    • Password: (leave blank)

  2. Injected Query: The code constructs the following SQL query:

sql

​

SELECT * FROM users WHERE username = 'admin' --' AND password = ''

 

  • The -- comment marker makes the rest of the query (password check) ignored.

  • The query now authenticates the attacker as the admin user without needing a password.

     3.  Result: The attacker gains administrative access to the application.

​These are the consequences of the attack:

​

  1. Unauthorized Access: Attackers can bypass authentication and gain control over user accounts.

  2. Data Theft: Attackers can extract sensitive data by injecting commands like:

     

        sql

​

       ' UNION SELECT credit_card_number, cvv FROM credit_cards --

​

   3  Data Manipulation or Deletion: Malicious actors could delete or modify data:

 

        sql

​

        '; DROP TABLE users; --

​

​

   4.  Full Database Control: Advanced injections could allow remote code execution or install backdoors on the database server.

​  Decrease your Vulnerability:

​

  1. Use Parameterized Queries (Prepared Statements): Always use parameterized queries to separate SQL code from data.

    java

    ​

    public static boolean authenticate(String username, String password) { try (Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/mydb", "user", "password")) { String query = "SELECT * FROM users WHERE username = ? AND password = ?"; PreparedStatement pstmt = conn.prepareStatement(query); pstmt.setString(1, username); pstmt.setString(2, password); ResultSet rs = pstmt.executeQuery(); return rs.next(); } catch (SQLException e) { e.printStackTrace(); return false; } }

​

2. Validate and Sanitize Inputs:

  • Reject or escape special characters like ', ", ;, --, etc.

  • Enforce strict input validation rules for each field.

3. Use the Principle of Least Privilege:

  • Restrict the database user account to only the necessary permissions (e.g., no DROP or ALTER rights).

4. Apply Web Application Firewalls (WAF):

  • Deploy a WAF to detect and block SQL injection attempts.

5. Limit Error Information:

  • Avoid exposing detailed database error messages to users.

6. Implement Database Escaping Mechanisms:

  • Use libraries or frameworks that handle escaping and sanitization.

7. Regularly Update and Patch Software:

  • Keep database servers, libraries, and frameworks updated to avoid known vulnerabilities.

bottom of page