SQL injection vulnerabilities arise in applications where elements of a SQL query originate from an untrusted source. Without precautions, the untrusted data may maliciously alter the query, resulting in information leaks or data modification. The primary means of preventing SQL injection are sanitization and validation of untrusted input, which are typically implemented as parameterized queries and stored procedures.
Suppose a system authenticates users by issuing the following query to a SQL database. If the query returns any results, authentication succeeds; otherwise, authentication fails.
```sql
SELECT * FROM db_user WHERE username='<USERNAME>' AND password='<PASSWORD>'
```
Suppose an attacker can substitute arbitrary strings for <USERNAME> and <PASSWORD>. Then the authentication mechanism can be bypassed by supplying the following <USERNAME>, with an arbitrary password.
```sql
validuser' OR '1'='1
```
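To make the bypass and the fix concrete, here is an added example (not code from the original page) that runs the page's query both ways against a constructed in-memory SQLite database: once built by string substitution, as the text describes, and once as a parameterized query. The table name, the sample user and its password are assumptions; passwords are stored in plaintext here only to mirror the page's query.

```python
import sqlite3


def make_db():
    """Constructed sample database: one table, one user (not from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE db_user (username TEXT, password TEXT)")
    conn.execute("INSERT INTO db_user VALUES ('validuser', 'correct-horse')")
    conn.commit()
    return conn


def build_concat_query(username, password):
    """Builds the page's query by substituting untrusted strings directly into SQL."""
    return ("SELECT * FROM db_user WHERE username='" + username
            + "' AND password='" + password + "'")


def authenticate_concat(conn, username, password):
    """Vulnerable: the untrusted input becomes part of the SQL text.

    With username  validuser' OR '1'='1  the WHERE clause becomes
    username='validuser' OR '1'='1' AND password='...'
    and AND binds tighter than OR, so the row is returned regardless
    of the password.
    """
    rows = conn.execute(build_concat_query(username, password)).fetchall()
    return len(rows) > 0


def authenticate_param(conn, username, password):
    """Hardened: values are bound as parameters and never parsed as SQL.

    The same attacker string is compared literally against the username
    column, matches nothing, and authentication fails.
    """
    query = "SELECT * FROM db_user WHERE username=? AND password=?"
    rows = conn.execute(query, (username, password)).fetchall()
    return len(rows) > 0


if __name__ == "__main__":
    db = make_db()
    payload = "validuser' OR '1'='1"   # the bypass string from the page
    print("concat, correct creds :", authenticate_concat(db, "validuser", "correct-horse"))
    print("concat, bypass payload:", authenticate_concat(db, payload, "anything"))
    print("param,  correct creds :", authenticate_param(db, "validuser", "correct-horse"))
    print("param,  bypass payload:", authenticate_param(db, payload, "anything"))
```

The parameterized version needs no escaping of the input at all: the driver sends the query text and the values separately, so the quote in the username cannot terminate the string literal. This is why parameterized queries are preferred over hand-written sanitization, which has to anticipate every character the database treats as syntax.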
...