SQL Injection
Posted by Uri_gc@reddit | learnprogramming | 6 comments
Hi, I'd like to know how to carry out a SQL injection beyond the most basic stuff.
One of my professors set us the challenge of defending against an attack of this kind and attacking the rest of our classmates; if we manage to compromise one of our classmates' projects, we pass the midterm.
Since it's a subject with a lot of ethical restrictions, it isn't so easy to find material on it, and I'd like to go deeper into it; AI doesn't go into depth even when the prompt is well written, and I'd like to know more than the simplest cases, or else, apart from the typical SQL injections, other types of cyberattacks aimed at web apps.
Any-Range9932@reddit
If the queries are parameterized and sanitized, ain't nothing will happen lol
troisieme_ombre@reddit
Consider the following code:
Assuming that name is populated by the user, through a form, or a URL parameter, or whatever, what happens if instead of inserting a name, I insert the following? john; DELETE FROM users; --
Your SQL statement becomes:
I have successfully inserted a second SQL query into your codebase and you've just lost all of your users.
Well, this is the basics of SQL injections. You defend against them by making sure that you verify the parameters passed to your queries. There are helpers designed to do this and most ORMs handle this automatically (which is part of why we usually recommend using ORMs)
gm310509@reddit
Try googling "little Bobby tables" and see if you can work it out from there.
_Tono@reddit
You’re pretty much safe from SQL injections with parametrized queries, don’t think you’re gonna get anywhere unless your classmates are careless enough not to.
abrahamguo@reddit
SQL injection is simply a matter of adding arbitrary SQL into a query when it's concatenated with a user-populated variable.
Try making a simple script that takes a user-populated variable, and concatenates it into a query. What values can you put into the user-populated string that cause an issue?
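The script abrahamguo suggests above, written out as an added example that is not code from any commenter in this thread. It puts the concatenated query next to its parameterized twin and runs two payloads through both: a tautology that makes a lookup match every row, and the stacked DELETE from troisieme_ombre's comment. Assumptions: a users table with a name column (the thread only names the table and the column in the payload), an in-memory SQLite database so it runs offline, and sqlite3's executescript() standing in for a driver that executes several ';'-separated statements per call. The DELETE payload is adapted to the quoted query used here, so it closes the string literal and the VALUES list before the semicolon.

```python
import sqlite3

# Added example, not code from the thread. Assumptions: a `users` table with a
# `name` column (the thread only names the table and column in the payload),
# and an in-memory SQLite database so the script runs offline.

SAMPLE_USERS = [("alice",), ("bob",), ("carol",)]  # constructed sample rows


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", SAMPLE_USERS)
    conn.commit()
    return conn


def count_users(conn):
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]


def lookup_vulnerable(conn, name):
    """WHERE clause built by concatenation: the user's text becomes SQL."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_parameterized(conn, name):
    """Same query with a bound parameter: the value travels separately from the
    SQL text, so the database never parses it as SQL."""
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))


def insert_vulnerable(conn, name):
    """Stacked-query variant of the DELETE payload from the thread.
    executescript() stands in for a driver that runs every ';'-separated
    statement it is handed. sqlite3's execute() happens to reject more than
    one statement per call; that is a driver quirk, not a defence to rely on."""
    sql = "INSERT INTO users (name) VALUES ('" + name + "')"
    conn.executescript(sql)
    conn.commit()


def insert_parameterized(conn, name):
    conn.execute("INSERT INTO users (name) VALUES (?)", (name,))
    conn.commit()


def demo():
    """Runs both payloads against the concatenated and the parameterized code
    paths and returns what each one observed."""
    results = {}

    # Payload 1: close the string literal, then add a condition that is always true.
    tautology = "x' OR '1'='1"
    conn = make_db()
    results["vuln_tautology"] = lookup_vulnerable(conn, tautology)      # every row
    results["param_tautology"] = lookup_parameterized(conn, tautology)  # nobody is literally named that

    # Payload 2: close the literal and the VALUES list, end the INSERT, run a
    # DELETE, and comment out the trailing "')" so the SQL still parses.
    # (The thread's "john; DELETE FROM users; --" assumes an unquoted value;
    # this version is adapted to the quoted query above.)
    stacked = "john'); DELETE FROM users; --"
    conn = make_db()
    insert_vulnerable(conn, stacked)
    results["users_left_vuln"] = count_users(conn)                      # table emptied

    conn = make_db()
    insert_parameterized(conn, stacked)
    results["users_left_param"] = count_users(conn)                     # 3 rows + 1 new row
    results["stored_as"] = lookup_parameterized(conn, stacked)          # payload stored as a plain name
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Whether the stacked payload works against a real target depends on the driver and database accepting more than one statement per call (some require an explicit multi-statement mode), which is why the tautology style is the first thing to try when probing a lookup; the parameterized versions are unaffected by either because the value is bound, not spliced into the query text.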
Muted_Home_4140@reddit
Yeah, for learning this stuff PortSwigger Web Security Academy is a really good resource; they have free labs where you can practice different injection types.
Also try setting up a vulnerable app locally like DVWA or Mutillidae; that way you can experiment without worrying about ethics issues since it's your own environment.