SQL Injection: How to check or test for vulnerabilities

sql-injection
SQJ Injection
There are a number of ways of testing an application for vulnerabilities such as SQL Injection. The tests break down into three different methodologies:
Blind Injection:
MySQL example:
http://localhost/test.php?id=sleep(30)
If this SQL statement is interpreted by the database then it will take 30 seconds for the page to load.
Error Messages:
http://localhost/test.php?id='”
If error reporting is enabled and this request is vulnerable to sql injection then the following error will be produced:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘”‘ at line 5
Tautology Based Injection:
http://localhost/test.php?username=’ or 1=1 /*&password=1
In this case supplying a Tautology, or a statement that is always true provides a predictable result. In this case the predictable result would be logging in the attacker with the first user in the database, which is commonly the administrator.
There are tools that automate the use of the methods above to detect SQL Injection in a web application. There are free and open source tools such as Wapiti and Skipfish that do this.
More –
Tagged : / / / / /