When we talk about types of attacks on a website, we should talk about “hacking”. Computer hacking has as its main objective the manipulation of a system. It can be done by using viruses, worms, Trojans, denial of service attacks, brute force attacks, etc.
In this article I’m going to talk about types of web attacks, focusing on the SQL injection attack. Another type of attack is phishing, which I have previously talked about on this page in the article https://avertigoland.com/2021/01/how-to-notify-a-phishing-email-to-google/.
Hacker classification
People who make use of computer hacking are known by the name of hackers. We can establish a classification of hackers based on the level of evil they have. This classification is not entirely accurate because it uses colors to name the types of hackers and at this time it may not be entirely appropriate.
- Black Hat. The main goal of this hacker is to find and exploit vulnerabilities in computer systems. They are experts in breaking the security of systems for an economic purpose; they can act on their own or be hired by third parties.
- White Hat. The main objective of this hacker is to repair the vulnerabilities of the systems. They are people who work on the security of computer systems to ensure the confidentiality of the information they contain.
- Gray Hat. A mix of the previous two: they are also dedicated to finding and exploiting vulnerabilities. Sometimes they behave legally and sometimes they don’t.
Types of attacks: SQL injection
SQL injection is a bug (security hole) that can occur both on websites and in ordinary programs. This type of attack has its origin in a communication failure between the user and the database. The attacker writes code in a form field and it is executed as a query against the database.
Communication is done through a programming language known as SQL (Structured Query Language). Today, there are web designers and developers who consider database queries that use SQL statements to be secure. But that is not quite right. Through SQL queries an attacker can bypass access controls, gain access to the operating system where the website is hosted and make modifications.
Injection attacks
SQL injection is a code injection technique that can destroy a database. It is one of the most common web hacking techniques. SQL injection attacks consist of placing malicious code in SQL statements through the input fields of a web page.
Example attack
To understand it better, we will look at an example. We have a form that is responsible for sending the password to the user by email. The user enters their email in a field of the form and the web page searches the database until that user is found.
If the application does not find the email address, it does not send an email with the new password. However, if the application finds that email address in the database, it will send an email to that address with a new password or with the information needed to restore it.
Before the attacker can introduce SQL injection, he must know how the form’s input data is handled; for that, entering a single quotation mark ( ' ) at the end of the email address would be sufficient. If the displayed page does not show any errors, the attacker knows that the database is vulnerable and can therefore begin manipulating the database.
What we need to know before doing SQL injection
In order to carry out this attack, it is necessary to know the name and structure of the table beforehand. To get that information, the condition 1=1, which is always true, is used. The form is: SELECT * FROM users WHERE id = 10 or 1=1.
This statement returns the entire user table because a row only has to satisfy one of the two parts of the WHERE clause, and the 1=1 part is always true.
What to do to avoid SQL injections
The measures we must take to avoid attacks with SQL injections are:
- Escape special characters in SQL queries to the database. By adding the backslash “\” in front of the special characters in the text used in SQL queries, we can improve the security of the query. It is not advisable to use characters such as double quotation marks ("), single quotation marks (') or the \x00 and \x1a characters, as they can be used in attacks.
- Limit query values. Even if the query value is an integer, it is advisable to always enclose it in single quotation marks ( ' ). An SQL statement of the type: SELECT name FROM users WHERE id_user = $id will be much more easily injectable than: SELECT name FROM users WHERE id_user = '$id', where $id is an integer.
- Always verify the data entered by the user. Verify that the data entered by the user is correct. If a variable is numeric the user should be obliged to enter only numbers.
- Connection. The user who connects to the database must have only the privileges necessary to perform the action, never more. It is very appropriate that only some users with permissions can make modifications to the database.
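The effect of the 1=1 condition described earlier and of the measures in this list, as an added example that is not code from the original article: it runs the article's query shapes against a constructed in-memory SQLite table using Python's sqlite3 module. The function names and sample rows are hypothetical, and the bound "?" parameter is an addition that goes beyond the measures the article lists.

```python
import sqlite3

def make_db():
    # Constructed sample data (not from the article): a three-row users table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "ana"), (2, "luis"), (10, "marta")])
    return db

def lookup_concatenated(db, user_id):
    # Vulnerable: the form value is pasted into the SQL text and parsed as SQL.
    return db.execute("SELECT name FROM users WHERE id = " + user_id).fetchall()

def lookup_quoted(db, user_id):
    # The quoted form from the list above: the value is still part of the SQL text.
    return db.execute("SELECT name FROM users WHERE id = '" + user_id + "'").fetchall()

def lookup_bound(db, user_id):
    # Verify the field is numeric, then pass it as a bound parameter (assumption:
    # the driver supports placeholders, as sqlite3 does), so it is data, never SQL.
    if not (user_id.isascii() and user_id.isdigit()):
        raise ValueError("id must contain digits only")
    return db.execute("SELECT name FROM users WHERE id = ?", (int(user_id),)).fetchall()

def demo():
    db, out = make_db(), {}
    out["concat_normal"] = lookup_concatenated(db, "10")
    out["concat_tautology"] = lookup_concatenated(db, "10 or 1=1")  # whole table
    out["quoted_tautology"] = lookup_quoted(db, "10 or 1=1")        # no row matches
    try:
        lookup_quoted(db, "10'")  # a stray quote still reaches the SQL parser
        out["quoted_stray_quote"] = "accepted"
    except sqlite3.OperationalError:
        out["quoted_stray_quote"] = "syntax error"
    try:
        lookup_bound(db, "10 or 1=1")
        out["bound_tautology"] = "accepted"
    except ValueError:
        out["bound_tautology"] = "rejected"
    out["bound_normal"] = lookup_bound(db, "10")
    return out

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

The syntax error in the quoted case shows that quoting alone still lets form input change the statement's structure, which is why the value is validated and bound rather than concatenated.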
Other tools to analyze our website
We may also use tools that will allow us to improve the protection of our website and prevent these types of attacks. Among them we find the following two.
SQLiHelper 2.7 SQL injection
It is an application that is used to collect information from a database. It uses SQL injection techniques.
Pangolin
This is a paid application, developed by NOSEC, that can perform automatic SQL injection penetration testing. Its goal is to detect and exploit SQL injection vulnerabilities in web applications. It is no longer available online.