SQL Injection

If you are vulnerable to SQL Injection, attackers can run arbitrary commands against your database.

Ready to see how?

Phew. Now we know how SQL injection works, let's learn how to protect against this kind of attack.

This is the vulnerable application we will be trying to hack with a SQL injection attack.

Go ahead and try logging in with the following credentials:

Okay, so guessing the password didn't work. Let's try adding a quote character after the password:

Hmmm. The application crashed with an unexpected error. What could that mean?

Enter the following credentials and click "Log in":

And we are in! We successfully gained access to the application without having to guess the password, using SQL injection.

Application

Logs

Here are the application logs. Watch what happens here when you interact with the vulnerable application.

The logs show a SQL syntax error. This indicates that the quote character messed something up in an unexpected way.

Code

SELECT * FROM users WHERE email = '#email#' AND pass = '#password#' LIMIT 1

This is what the application code looks like behind the scenes.

The quote is inserted directly into the SQL string, and terminates the query early. This is what caused the syntax error we saw in the logs.

This behavior indicates that the application might be vulnerable to SQL injection.

The -- characters you entered caused the database to ignore the rest of the SQL statement, allowing you to be authenticated without having to supply the real password.