SQL Injection: Types and Prevention Guide

Class_3_SQL Injection

Uploaded by

smilingface4eyes

CSE 413

Cyber Security and Digital Forensic

SQL Injection (SQLi)

Bangladesh University of Business and Technology (BUBT)


7/23/2025
Agenda
⮚ What is SQL Injection?
⮚ Impact of SQL Injection Attacks
⮚ How does a SQL Injection Attack Work?
⮚ Types of SQL Injection Attacks
⮚ Examples of SQL Injection Attacks
⮚ Prevention of SQL Injection Attacks

What is SQL Injection?
As the name suggests, an SQL injection vulnerability allows an attacker to inject malicious input into an SQL statement, so that the input is parsed as part of the query rather than as data.

Fig. 1.1: Flow of SQLi Attack


Impact of SQL Injection Attacks
A successful SQL injection attack can result in unauthorized access to sensitive data, such as:
• Passwords
• Credit card details
• Personal user information

How does a SQL Injection Attack Work?
Query template (user input is placed directly into the string):
SELECT * FROM users WHERE username = 'username' AND password = 'password'

Normal login:
SELECT * FROM users WHERE username = 'admin' AND password = 'admin@123'   Return: True

Injected login (the quote in the input closes the literal early and -- comments out the rest of the statement):
SELECT * FROM users WHERE username = '1'OR'1'='1'--' AND password = 'password'   Return: True

users table:
username   password    status
admin      admin@123   Successful

Login form:
Username: '1'OR'1'=1--
Password: (empty)
Log in

Types of SQL Injection Attacks

Fig. 1.2: Types of SQL Injection


Types of SQL Injection Attacks
• Error‑Based SQL Injection: Exploits database error messages to gather information.
  Example: ' AND 1=CONVERT(int, (SELECT @@version))--
  (forces the DB to show its version in an error message)
• Union‑Based SQL Injection: Uses the UNION operator to fetch data from other tables.
  Example: ' UNION SELECT username, password FROM users --
• Blind SQL Injection: No direct error or output; the attacker infers data by observing app behavior.
  Example: ' AND 1=1-- (page loads normally)
           ' AND 1=2-- (page behaves differently)
• Boolean‑Based SQL Injection (a type of Blind SQLi): Sends true/false conditions and observes responses.
  Example: ' AND 'a'='a'-- (true → page normal)
           ' AND 'a'='b'-- (false → page different)
• Time‑Based SQL Injection (another type of Blind SQLi): Uses database functions that cause delays to infer results.
  Example: ' OR IF(1=1, SLEEP(5), 0)-- (response delayed if condition true)
Examples of SQL Injection Attacks
Link: [Link]

Login Details:
Email: nidone9176@[Link]
Pass: S4sE4/4-:?Fmde6+4Wdj.y2tw8kFs:k6
Web Page Login:
[Link]

Attack Payload:
Username: 1'or'1'='1
Password: 1'or'1'='1
Lab Solve????
SQL Injection Attacks Prevention
✔ Use Prepared Statements (Parameterized Queries) – never directly insert user input into SQL.
✔ Validate Inputs – allow only expected data.
✔ Use Least Privilege – DB user with minimal rights.
✔ Hide Errors – don’t show raw SQL errors.
✔ Keep Software Updated – patch DB & frameworks.
Vulnerable:
// User input is concatenated straight into the SQL text, so a quote inside
// $username or $password changes the structure of the query.
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = $conn->query($query);

Solution:
// The query structure is sent with ? placeholders; the values are bound
// afterwards as data ("ss" = two string parameters) and never parsed as SQL.
$stmt = $conn->prepare("SELECT * FROM users WHERE username = ? AND password = ?");
$stmt->bind_param("ss", $username, $password);
$stmt->execute();
$result = $stmt->get_result();

SQL Injection Attacks Prevention
1. The ? marks are placeholders, not string concatenation.
2. When you call bind_param, the database driver:
• Sends the SQL query structure separately from the data.
• Treats $username and $password only as data, never as part of the SQL code.
3. Even if an attacker tries to inject SQL syntax, it is treated as a literal string:
• Input: ' OR '1'='1
• Stored as: username = "' OR '1'='1"
• No change in query logic, so the injection fails.
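An added Python/sqlite3 demonstration (not part of the slides) of the two PHP snippets above: the concatenated query beside the parameterized one, run against a constructed in-memory users table with the slides' payload 1'or'1'='1. The user rows are made up for the example.

```python
import sqlite3

# Constructed sample rows standing in for the slides' users table (not real data).
USERS = [("admin", "admin@123"), ("alice", "s3cret")]
# The login payload used on the slides' example page.
PAYLOAD = "1'or'1'='1"


def make_db():
    """Build an in-memory users table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def vulnerable_sql(username, password):
    """Same construction as the slides' $query: input pasted into the SQL text."""
    return (f"SELECT username FROM users WHERE username = '{username}' "
            f"AND password = '{password}'")


def login_vulnerable(conn, username, password):
    # The quote in the payload ends the literal, so or'1'='1' becomes SQL logic
    # and the WHERE clause is true for every row.
    return [row[0] for row in conn.execute(vulnerable_sql(username, password))]


def login_safe(conn, username, password):
    # Counterpart of prepare()/bind_param(): ? placeholders, values passed as data.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


def echo_as_data(conn, value):
    # A bound value comes back verbatim: the driver never parses it as SQL.
    return conn.execute("SELECT ?", (value,)).fetchone()[0]


def demo():
    conn = make_db()
    return {
        "vuln_real": login_vulnerable(conn, "admin", "admin@123"),
        "vuln_payload": login_vulnerable(conn, PAYLOAD, PAYLOAD),  # every row
        "safe_real": login_safe(conn, "admin", "admin@123"),
        "safe_payload": login_safe(conn, PAYLOAD, PAYLOAD),  # no row matches
        "bound_literal": echo_as_data(conn, PAYLOAD),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```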

HAPPY HACKING
