Çfarë është SQL Injection?

Fillestar 15 min Siguria e Aplikacioneve Web

Hyrje

SQL Injection (SQLi) is a vulnerability class where an attacker can inject arbitrary SQL code into a query the application sends to its database.

Teoria

The classic example is a login form that builds a query like: SELECT * FROM users WHERE username='$user' AND password='$pass'. If the application concatenates raw user input, an attacker can submit the username ' OR 1=1-- and bypass the password check entirely, because the resulting SQL becomes SELECT * FROM users WHERE username='' OR 1=1--' AND password='anything'. Depending on the database and application, SQL injection can be used to dump the contents of tables, modify data, escalate privileges, read files on the database server, and in some cases execute OS commands. Blind SQL injection variants exploit boolean or timing differences to extract data one bit at a time, even when the application does not return query results directly. Tools like sqlmap automate the full workflow from detection to data exfiltration. The fix is simple and universal: never concatenate user input into SQL. Use parameterized queries (prepared statements) so that the database engine separates SQL code from data. Every modern language and framework supports this: PHP PDO, Python psycopg, Java JDBC, Node.js with pg or mysql2. Input validation is a nice secondary control but is not a substitute for prepared statements.

Mjetet

Mjetet kryesore:

  • sqlmap — automatizim i plotë i SQLi.
  • Burp Suite (Community/Pro) + ekstensioni Active Scan++.
  • OWASP ZAP — alternative falas.
  • DVWA, bWAPP, Juice Shop — laboratorë të cenueshëm.

Praktika

Kod i cenueshëm (PHP):

// GABIM — mos bëj kurrë kështu
$sql = "SELECT * FROM users WHERE email='" . $_GET['email'] . "'";
$result = mysqli_query($conn, $sql);

Kod i sigurt me prepared statement:

$stmt = $pdo->prepare("SELECT id, email FROM users WHERE email = ?");
$stmt->execute([$_GET['email']]);
$user = $stmt->fetch();

Test me sqlmap:

sqlmap -u "https://target.test/search?q=test" --batch --risk=2 --level=3
sqlmap -u "https://target.test/search?q=test" --dbs
sqlmap -u "https://target.test/search?q=test" -D appdb -T users --dump

Ushtrime

  1. Instalo DVWA dhe shfrytëzo SQLi në modalitet Low. Nxirr listën e tabelave.
  2. Rishkruaj kodin e cenueshëm duke përdorur prepared statements.
  3. Konfiguro një WAF (ModSecurity + OWASP CRS) dhe provo të njëjtin payload.

Burime

Vlerësimet dhe komentet

Kyçu për të lënë një vlerësim.

Ende pa komente. Bëhu i pari!

Diskutime

Ende pa diskutime. Hap një temë të re