SQL INJECTION: Attack methods and how it occurs
Introduction:
SQL injection is a serious threat to any database-driven site.
SQL injection problems are described as one of the most serious threats for Web applications. Web applications that are vulnerable to SQL injection may allow an attacker to gain complete access to their databases. Because these databases may contain sensitive consumer or user information, the security violations can include identity theft, loss of confidential information, and fraud. In some cases, attackers can even use SQL injection against an application with no safeguards in place to take control of and corrupt the system that hosts the Web application. Web applications that are vulnerable to SQL Injection Attacks (SQLIAs) are widespread: a study by Gartner Group on over 300 Internet Web sites has shown that most of them could be vulnerable to SQLIAs.
SQL mechanisms:
Malicious SQL statements can be introduced into a vulnerable application using many different input mechanisms. The most common mechanisms are:
Injection through user input: In this case, attackers inject SQL commands by providing suitably crafted user input. A Web application can read user input in many ways, depending on the environment in which the application is deployed. In most SQLIAs that target Web applications, user input typically comes from the submissions that are sent to the Web application via HTTP GET or POST requests. Web applications are generally able to access the user input contained in these requests as they access any other variable in the environment.
Injection through cookies: Cookies are files that contain state information generated by Web applications and stored on the client machine. When a client returns to a Web application, cookies can be used to restore the client’s state information. Since the client has control over the storage of the cookie, a malicious client could tamper with the cookie’s
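Added example (not part of the original article): the two input mechanisms described above, a GET parameter and a cookie, both reaching the same query, first through string concatenation and then through bound parameters. The table, function names and request values are constructed for illustration.

```python
import sqlite3
from urllib.parse import parse_qs

def make_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, session TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s-111"), ("bob", "s-222")])
    return db

def read_request(query_string, cookie_header):
    """Extract one GET parameter and one cookie; both are client-controlled."""
    name = parse_qs(query_string).get("name", [""])[0]
    cookies = dict(part.strip().split("=", 1)
                   for part in cookie_header.split(";") if "=" in part)
    return name, cookies.get("session", "")

def lookup_concat(db, name, session):
    # Vulnerable: client data is pasted into the SQL text and parsed as SQL.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND session = '" + session + "'")
    return sorted(row[0] for row in db.execute(sql))

def lookup_bound(db, name, session):
    # Hardened: placeholders keep the values as data, never as SQL syntax.
    sql = "SELECT name FROM users WHERE name = ? AND session = ?"
    return sorted(row[0] for row in db.execute(sql, (name, session)))

# Constructed requests: a normal one, and one whose cookie was edited client-side.
NORMAL = ("name=alice", "session=s-111")
TAMPERED = ("name=alice", "session=x' OR '1'='1")

if __name__ == "__main__":
    db = make_db()
    for label, req in (("normal", NORMAL), ("tampered", TAMPERED)):
        name, session = read_request(*req)
        print(label, lookup_concat(db, name, session),
              lookup_bound(db, name, session))
```

With the tampered cookie, the concatenated query returns every row because the cookie text changes the WHERE clause, while the bound query returns nothing because the same text is compared only as a literal session value.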