The Database Hacker's Handbook: Defending Database Servers by Bill Grindlay, John Heasman, Chris Anley, David Litchfield

SQL Injection

SQL injection is probably the most common vector used to attack SQL Server. This is because web applications are typically deployed as Internet-facing and, if written in-house, their code will probably not have been subject to the same stringent security auditing as commercial software. SQL Server is also particularly vulnerable to this type of attack because of its verbose error messages. SQL Server's error messages can be viewed in the sysmessages table in the master database.

SQL injection occurs when information submitted by a browser to a web application is inserted into a database query without being properly checked. An example of this is an HTML form that receives posted data from the user and passes it to an Active Server Pages (ASP) script running on Microsoft's IIS web server. The two data items passed are a username and password, and they are checked by querying a SQL Server database. The schema of the users table in the backend database is as follows:

username varchar(255)
password varchar(255)

The query executed is

SELECT * FROM users WHERE username = '[username]' AND password =
'[password]';

However, the ASP script builds the query from user data using the following line:

var query = "SELECT * FROM users WHERE username = '" + username + "' AND
password = '" + password + "'";

If the username is a single-quote character (') the effective query becomes

SELECT * FROM users WHERE username = ''' AND password = '[password]';

This is invalid SQL syntax ...
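The following is an added example and is not code from the book. It places the ASP script's string concatenation next to a parameterized alternative, and adds a small scanner that shows concretely why the concatenated query is invalid: the single-quote username leaves a string literal unterminated. The function names buildQueryUnsafe, buildQuerySafe and literalsBalanced, and the sample credentials, are constructed for this illustration.

```javascript
// Mirrors the ASP line from the text: user input is spliced straight into the SQL.
function buildQueryUnsafe(username, password) {
  return "SELECT * FROM users WHERE username = '" + username +
         "' AND password = '" + password + "'";
}

// Parameterized form: the SQL text is fixed and the values travel separately,
// to be bound by the driver, so input can never change the statement's structure.
function buildQuerySafe(username, password) {
  return {
    text: "SELECT * FROM users WHERE username = ? AND password = ?",
    params: [username, password],
  };
}

// Scans T-SQL text and reports whether every single-quoted string literal is
// terminated. A doubled quote ('') inside a literal is an escaped quote, not an end.
function literalsBalanced(sql) {
  let inLiteral = false;
  for (let i = 0; i < sql.length; i++) {
    if (sql[i] !== "'") continue;
    if (!inLiteral) { inLiteral = true; continue; }
    if (sql[i + 1] === "'") { i++; continue; } // escaped quote, stay inside the literal
    inLiteral = false;
  }
  return !inLiteral;
}

// Constructed sample inputs: a normal login and the single-quote username from the text.
const normal = buildQueryUnsafe("alice", "s3cret");
const injected = buildQueryUnsafe("'", "s3cret");
const safe = buildQuerySafe("'", "s3cret");

console.log(normal, "balanced:", literalsBalanced(normal));        // true
console.log(injected, "balanced:", literalsBalanced(injected));    // false: unterminated literal
console.log(safe.text, "balanced:", literalsBalanced(safe.text));  // true: the SQL text never changes
```

The scanner is a useful unit-test oracle for code that still concatenates SQL: any input that turns literalsBalanced false has changed the statement's structure, which is exactly the condition the parameterized version rules out by construction.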
