What is SQL Injection UNION Attacks?
Last Updated: 24 Aug, 2022
An SQL injection attack is the execution of a malicious SQL query to alter data stored in a database or to access data without authentication or authorization. Websites or web applications that use SQL databases can be vulnerable to SQL injection attacks. The most common approach to launching an SQL injection attack is via user input fields. Hence, it is very important to validate data entered by users before sending it to the server. Refer to SQL Injection to know more.
Union-based SQL Injection:
Union-based SQL injection involves the use of the UNION operator that combines the results of multiple SELECT statements to fetch data from multiple tables as a single result set. The malicious UNION operator query can be sent to the database via website URL or user input field.
https://sqli.com/users/id=geek
'UNION SELECT * FROM users, courses --
The above URL contains a malicious SQL query that can fetch records of all users. The "--" at the end starts an SQL comment, so everything after it in the query is ignored.
Demonstration using DVWA:
DVWA stands for Damn Vulnerable Web Application, which is developed using PHP and MySQL. It is a good tool for practicing ethical hacking and penetration testing. Union-based SQL injection attacks can also be performed using DVWA.
In the above image, the user ID is the user input field. The above image shows the result of injecting a malicious SQL query in the input field. From the results, we can infer that there are two columns corresponding to “First name” and “surname” respectively. But how did we figure out that there were two columns? The number of columns can be found by injecting either of the following two queries:
USER ID = geek 'UNION SELECT NULL, NULL, ... --
Keep inserting NULL until the database throws an error.
USER ID = geek 'ORDER BY 1, 2, ... --
Similarly, keep increasing the column number by one until the database throws an error.
Moreover, after obtaining details about table names, the attacker can get details of the corresponding columns.
Attackers can also get access to sensitive information like usernames and passwords.
Prevention:
- Sanitizing user input fields and forms – Putting restrictions on acceptable characters, and limiting the max length of the input before sending to the database server are some ways to validate input.
- Limiting data returned by database server – Instead of sending all data, a subset of data could be sent based on date/time interval.
- Parameterized Queries – Instead of appending user input to the SQL query, parameters can be used to pass the user input.
Name = geek
Email = [email protected];
DROP TABLE USERS --
Suppose the following SQL query is executed for storing the above data:
INSERT INTO USERS (Name, Email)
VALUES (<Name>, <Email>)
The following SQL query will be executed if the data is appended to the query:
INSERT INTO USERS (Name, Email)
VALUES (geek, [email protected]); DROP TABLE USERS --
To avoid the above scenario, use a parameterized query. In this case, the injected query is treated as part of the email value. Hence, the SQL injection attack is avoided.
INSERT INTO USERS (Name, Email)
VALUES (geek, [email protected]'; DROP TABLE USERS -- )
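The difference between appending input and binding it as a parameter, as an added example that is not part of the original article. It assumes Python's built-in sqlite3 module with an in-memory database; the table layout, sample rows and function names are constructed for the demonstration.

```python
import sqlite3

def make_db():
    """Build a throwaway in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (name TEXT, email TEXT);
        CREATE TABLE courses (title TEXT, access_code TEXT);
        INSERT INTO users VALUES ('geek', 'geek@example.test');
        INSERT INTO courses VALUES ('dbms', 'constructed-secret');
    """)
    return db

def find_concatenated(db, name):
    # Vulnerable pattern: the input is spliced into the SQL text, so a
    # quote in the input ends the string literal and the rest runs as SQL.
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_parameterized(db, name):
    # Hardened pattern: the input is bound as a value and never parsed as SQL.
    sql = "SELECT name, email FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def add_user(db, name, email):
    # Parameterized INSERT: the whole email string is stored as data.
    db.execute("INSERT INTO users (name, email) VALUES (?, ?)", (name, email))

# Constructed inputs modelled on the two cases discussed in the article.
UNION_INPUT = "geek' UNION SELECT title, access_code FROM courses --"
DROP_INPUT = "geek@example.test'; DROP TABLE users --"

if __name__ == "__main__":
    db = make_db()
    # Concatenation: rows from the courses table appear in the result set.
    print("concatenated :", find_concatenated(db, UNION_INPUT))
    # Binding: no user has that literal name, so nothing is returned.
    print("parameterized:", find_parameterized(db, UNION_INPUT))
    # The DROP text is stored verbatim in the email column; the table survives.
    add_user(db, "geek2", DROP_INPUT)
    print("stored email :", find_parameterized(db, "geek2"))
    print("users rows   :", db.execute("SELECT COUNT(*) FROM users").fetchone()[0])
```

The UNION succeeds in the concatenated version only because the injected SELECT returns the same number of columns as the original query, which is the property the column-counting step above relies on.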