In Depth: SQL Injection
[InDepth#2] Let's dive into SQL Injection, learn how it works, and what we can do with it.
We made it! Here we are with our second In Depth email. It may be a week late, but I’m sure the wait has been worth it. I hope you found last week’s security tip helpful - it’s easy to overlook, but is important for securing your app. This week, as promised, we’re looking into SQL Injection. I’m very excited for this one, as we’re going to do some actual attacks - not just look at theory and code. I have an interactive demo site up and running (details below), and I hope you have as much fun exploring the various attacks as I did creating them.
While working on this topic, it got me thinking about what I’m trying to achieve with this mailing list. I love the idea of producing more interactive demos to accompany these In Depth emails, so that’s something to look out for in future months.
Two quick billing things:
The price for new subscribers will be going up before the next free Security Tip (~8th Nov). It won’t affect existing paid subscribers, but if you know anyone who is thinking of signing up, now is the time to lock in the cheaper price.
For the super fans, I’ve added a “Hacker Member” tier. Hackers will be able to vote on upcoming topics and get early access to demos and emails. You can upgrade in your Substack profile.
Now, before we begin, I need you to promise that the skills I teach you will be used for good, not evil. If you’re here to do evil, stop reading now! 🤫
SQL Injection (SQLi)
What is SQL Injection?
A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands.
I like to think of SQL injection attacks as modifying or hijacking a query for malicious purposes. They can happen any time the attacker is allowed to control some aspect of the query beyond what the developer is expecting.
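The "hijacking" idea above, as an added example (not code from this email or its demo site): the same lookup built by string concatenation and with a bound parameter, run with Python's sqlite3 against a constructed users table. The table, column and function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, role TEXT)")
    db.executemany(
        "INSERT INTO users (email, role) VALUES (?, ?)",
        [("alice@example.test", "admin"),
         ("bob@example.test", "user"),
         ("o'brien@example.test", "user")],
    )
    return db

def find_user_concatenated(db, email):
    """Vulnerable: the input becomes part of the SQL text, so it can
    change the structure of the query, not just the value compared."""
    sql = "SELECT email, role FROM users WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()

def find_user_parameterized(db, email):
    """Hardened: the SQL text is fixed and the input is sent separately
    as a bound value, so it is only ever compared as data."""
    sql = "SELECT email, role FROM users WHERE email = ?"
    return db.execute(sql, (email,)).fetchall()

def attempt(fn, db, value):
    """Return the rows, or the database error text if the query breaks."""
    try:
        return fn(db, value)
    except sqlite3.OperationalError as exc:
        return f"error: {exc}"

if __name__ == "__main__":
    db = make_db()
    samples = [
        "bob@example.test",                # what the developer expects
        "o'brien@example.test",            # legitimate value with a quote
        "nobody@example.test' OR '1'='1",  # input that rewrites the WHERE clause
    ]
    for value in samples:
        print(repr(value))
        print("  concatenated :", attempt(find_user_concatenated, db, value))
        print("  parameterized:", attempt(find_user_parameterized, db, value))
```

The legitimate address containing an apostrophe makes the concatenated query fail with a syntax error, which is often the first visible sign in application logs that input is reaching the SQL text unescaped.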
There are two main types of SQL injection vulnerabilities: