What is SQL Injection on Primexbt?
Today's article I want to share with you about a basic attack topic "SQL Injection". You should know to with with primexbt website
I . SQL Injection definition?
First of all, let's find out what "SQL Injection" is?
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). (wikipedia.com)
From the definition quoted from the above wikipedia page, we can understand that it is a technique to attack the database by inserting malicious code, helping the system to be distracted, and data. destroyed or stolen.
II. Examples
a) Attack with the statement that is always true
First an obvious example is the search functions or the login page, see the SQL query code below that describes the code to check if the user exists in the system.
SELECT * FROM user WHERE username = $username
Do you find the above code familiar? I believe we have used the same code as above once in our lives when we first entered the field of web programming. Here I will show you how dangerous the above code is? Suppose in the login box someone intentionally fills in "or 1=1", then when the query, our SQL sentence will become the always-true statement as below.
SELECT * FROM user WHERE username = $username OR 1 = 1
Because it is "or 1=1", the above SQl sentence always executes and someone will be able to log into your system easily, this is very dangerous, especially the back end pages manage your website.
b) Attack to destroy data directly
Same query above, but we do not intentionally enter “OR 1=1” but this time enter more like this in the input box containing username to login[j as follows: " ; DROP table table_name”‘
The full query will now become
SELECT * FROM user WHERE username = $username ; Drop table table_name
Because SQL supports executing a sequence of commands consecutively and separated by a semicolon ";" , so with the above statement, after retrieving user information, it will execute the command to delete a specified table. This is really dangerous, directly damaging the database system, so we must security primexbt trading platfom
As you can see, with just a few examples, it is enough for us to see that small things can sometimes cause very serious harm. In the next blog posts, I will try to write more about other types of attacks and ways to overcome them. Close
Comments