Technique
- Attacker modifies our SQL query
- By inputting characters like ' or \ into fields
- By using characters where we expect numbers (ID, offset)
- Again - not only security but also usability
Risks
- Access or modification of secured data
- Full control with some databases
- E.g. SQLite or PostgreSQL allow executing multiple queries in one function call
Defense
- Prepared statements, variable binding
- Data is not intermingled with the query
- The query can't be modified by data
- Database escaping functions, intval()
- Beware magic_quotes_gpc
- Must be set or known with any approach
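The three defenses above side by side, as an added example that is not part of the original slides: a concatenated query next to its prepared-statement form, intval() for a numeric ID, and a magic_quotes_gpc check. It assumes PDO with an in-memory SQLite table `users(id, name)` constructed here.

```php
<?php
// Added example (not from the original slides). Constructed SQLite table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// magic_quotes_gpc (removed in PHP 8) silently backslash-escapes request
// data; undo it so escaping happens exactly once, whichever approach is used.
function rawInput(string $value): string {
    return (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
        ? stripslashes($value) : $value;
}

// Unsafe: input becomes part of the SQL text, so a quote or backslash in
// $name changes the query structure, or at best breaks the syntax.
function findByNameUnsafe(PDO $pdo, string $name): array {
    $sql = "SELECT id, name FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: prepared statement with a bound variable. The query text is fixed
// before the data arrives, so data cannot alter it.
function findByNameSafe(PDO $pdo, string $name): array {
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Numeric parameters (ID, offset): intval() guarantees an integer reaches
// the query; binding it as PDO::PARAM_INT keeps the type explicit.
function findById(PDO $pdo, $rawId): ?array {
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', intval($rawId), PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Ordinary data for the bound version is a syntax error for the
// concatenated one: the usability problem the slides mention.
$input = rawInput("O'Brien");
var_dump(findByNameSafe($pdo, $input));   // no match, no error
var_dump(findById($pdo, "2abc"));         // intval("2abc") === 2 -> bob
try {
    findByNameUnsafe($pdo, $input);
} catch (PDOException $e) {
    echo "Unsafe query failed: " . $e->getMessage() . "\n";
}
```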
Tasks
- Modify data on an unsecured site
- Delete all data from the SQLite database
- Cause a syntax error on a page with wrong escaping