
Thread: SQL Injection

  1. #1
    Join Date
    Jun 2006
    Location
    Varrock
    Posts
    679
    Tokens
    0

    SQL Injection

    Can anyone explain what an SQL Injection is to me?

  2. #2
    Join Date
    Aug 2004
    Location
    UK
    Posts
    11,283
    Tokens
    2,031


    It's basically an exploit in which someone injects some extra code into a MySQL query.

    Aka some site has in its URL P=this&order=ASC

    Then it gets order from the URL and shoves it into the MySQL query.

    SELECT * FROM Sometable WHERE bla='bla' ORDER BY id $order

    If someone changed that ASC in the URL they could then write in another MySQL query on the end, maybe dropping the DB or something. Which would cause major damage.

    Hence why you should never put any raw inputs into MySQL; always make sure they are filtered.
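
An added example, not part of the original post: the ORDER BY case from post #2, written in Python with an in-memory SQLite database standing in for MySQL (an assumption; the function names and sample rows are constructed). It shows the string-built query beside a version that binds the value and maps the sort direction through an allowlist, since a keyword such as ASC cannot be sent as a bound parameter.

```python
import sqlite3

def make_db():
    # Constructed sample data; SQLite stands in for the MySQL database in the post.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sometable (id INTEGER PRIMARY KEY, bla TEXT)")
    db.executemany("INSERT INTO sometable (id, bla) VALUES (?, ?)",
                   [(1, "bla"), (2, "bla"), (3, "other")])
    return db

def build_query_unsafe(order):
    # The pattern from the post: the URL value becomes part of the SQL text,
    # so whatever the client sends is parsed as SQL.
    return "SELECT * FROM sometable WHERE bla='bla' ORDER BY id " + order

# Only these two literals can ever reach the SQL text.
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}

def fetch_rows_safe(db, bla, order):
    direction = DIRECTIONS.get(order.strip().lower())
    if direction is None:
        raise ValueError("order must be ASC or DESC")
    # The column value is bound as data; the direction comes from the allowlist.
    sql = "SELECT id, bla FROM sometable WHERE bla = ? ORDER BY id " + direction
    return db.execute(sql, (bla,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    hostile = "ASC; DROP TABLE sometable"  # constructed: the case the post describes
    print("unsafe SQL text:", build_query_unsafe(hostile))
    print("safe, desc:", fetch_rows_safe(db, "bla", "desc"))
    try:
        fetch_rows_safe(db, "bla", hostile)
    except ValueError as exc:
        print("rejected:", exc)
```
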

  3. #3
    Join Date
    Mar 2005
    Location
    Newcastle-Under-Lyme
    Posts
    8,924
    Tokens
    0


    SQL injection is a security vulnerability that occurs in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.


    From Wikipedia.

  4. #4
    Join Date
    Aug 2006
    Location
    Northamptonshire
    Posts
    250
    Tokens
    0

  5. #5
    Join Date
    Jun 2006
    Location
    Varrock
    Posts
    679
    Tokens
    0


    Well, one of my MSN mate's forum got hacked by a hacker and he used an SQL injection. Is this possible? This is what the person said to me...

    "Brief Explanation of the Events
    On the 15th July 2006, a hacker injected a SQL injection into the forum, hijacking my administrator session; the hacker then had full control of the board. However, no access to the passwords was available; I do not even have access to these. The forum was then not fit for purpose and we are currently waiting until we have the funds for IPB 2.1.7 before opening on IPB again to ensure this doesn't happen again.

    Stobbo - Runescape Hub Admin"
