A Study of SQL Injection Hacking Techniques

Abstract

Data is the most valuable asset of a person in the current cyber world. More and more data are being collected by applications for multi-purposes. These valuable data are stored inside a database. Standard Query Language (SQL) is a database query language for managing databases. SQL injection attack is the most common attack being used by attackers to gain unauthorized access to the database although it has been used for more than a decade. Many security professionals have proposed countermeasures against SQL injection attacks, but it is still listed as one of the Top 10 Web Application Security Risks today. The concept of SQL injection attack is to inject SQL codes into the database server and execute the injected codes to retrieve the desired result. SQL injection attacks can be classified into different categories depending on the characteristics of the attack. The severity of a SQL injection attack may vary, depending on the vulnerability and the permission assigned. It may only be causing leakage of some insensitive data or it might be causing the destruction and major modification of the database. This paper includes an overview of SQL injection attacks and a demonstration of attacking the database. Moreover, the characteristics and examples of exploiting different types of SQL injection vulnerabilities were discussed.