SQL Injection – A simple query which can manifest as a security concern

In my previous blog,  I focused on the security issues associated with broken authentication and session management concerns. Here I shall focus on the security and the vulnerability quotient of an application.

I will discuss about the threats and their possible solutions. I will also mention few tools that aid the hacker in outsmarting the developer of the application. And, most importantly, why is t is important to understand and find the small errors which we commit making the job easy for a hacker. Normally, a hacker uses multiple hacking techniques to outsmart application developers. And, I will aim to cover each of them in a separate blog.

Security Business Case

Firstly, it is not necessary to be a certified hacker or for that matter an ethical/non-ethical hacker to be a web miscreant. A college grad can hack your application using a simple query. Yes, I am talking about the most simple sql query.

Let’s make this our first business case –  the Sql Injection.

Scenario

We have a web, desktop, or a mobile application, of any type, within which we have a form that takes some values and get you the results based on those inputs. Basically, we are trying to say that whatever inputs we give, they are used to fetch data from some database.

A mischievous sub broker enters his id in his broker’s portal to check the status of the transactions of his clients. However, he maliciously injects favorable condition in the query through the form meant to input his id, and retrieved all unauthorized data that he is not supposed to see. This will negatively impact business of the broker, and his credibility is deemed to be questioned, unfortunately affecting his numbers on the annual balance sheet.

Vulnerable Code

String brokerId = request.getParameter("brokerId"); //returns 3003
String query = "SELECT * FROM user_transactions WHERE brokerId = " +brokerId;

Statement statement = connection.createStatement();
ResultSet results = statement.executeQuery( query );

If the user is able to pass “303 or 1=1

The following two tabs change content below.

Vivek Sharma

Over 10 years of experience in technology and extremely interested in software security. Experienced in working with banks to safeguard against security threats. He spends his free time deep in stock market analysis.
Vivek Sharma

Over 10 years of experience in technology and extremely interested in software security. Experienced in working with banks to safeguard against security threats. He spends his free time deep in stock market analysis.

All stories by: Vivek Sharma