SQL Injection (SQLi) attacks are dangerous because of the level of control an attacker can gain. The main concerns that SQL database administrators should have with SQLi attacks follow the CIA outline: unauthorized access to an application being gained, information being disclosed, data availability being lost, and data integrity being compromised.
Structured Query Language (SQL) is nearly universal and is the language used to drive Microsoft SQL Server, Oracle, and MySQL. SQLi attacks are popular because they control the backend of the application and are not dependent on the frontend GUI or other software technology.
Countless user input web forms are available on the Internet, and if not properly coded, they are open to weaknesses that can be exploited by hacking tools downloaded via the Internet. Website features such as contact-us forms, shopping carts, support requests, search boxes, and login boxes are all susceptible to SQLi attacks. These forms must allow some type of user-based input to pass through endpoints and firewalls and reach the database directly. Even if the web developer, web administrator, or systems security professional is consistent with patches, hotfixes, and the like, SQLi only requires port 80 to be open, which is also the port that must be open for the public to view the web application. Antivirus and malware scanners also do not pick up SQLi attacks because SQLi attacks do not match virus or malware definitions. SQLi attacks do not run against the operating system of the web server or database server; they target the web application.
By using a SQLi attack, an attacker can bypass an application’s authentication and gain unauthorized access to user accounts, passwords, and any other information stored in the database tables. Potentially, the attacker can alter the database(s) as they choose. Thus, a SQLi attack could generate a widespread data leak. The attacker can script the database to directly leak data, script the database to leak data by proxy, or hold data for ransom.
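
The login-box case described above, as an added example that is not part of the original article: a login check that concatenates form input into the query, beside the same check using bound parameters. The table, function names, and sample inputs are constructed for illustration.

```python
import sqlite3

# Constructed form input: the quote characters end the string literal early,
# so the rest of the input is parsed as SQL instead of as a password.
CRAFTED_PASSWORD = "' OR '1'='1"


def make_db():
    # Constructed sample data. Passwords are plaintext only to keep the
    # example short; a real application stores salted hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db


def login_concatenated(db, username, password):
    # Improperly coded form handler: input becomes part of the SQL text.
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None


def login_parameterized(db, username, password):
    # Properly coded form handler: the query structure is fixed and the
    # driver binds the input strictly as data.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None


def compare():
    db = make_db()
    return {
        "concatenated_valid": login_concatenated(db, "alice", "correct-horse"),
        "concatenated_crafted": login_concatenated(db, "alice", CRAFTED_PASSWORD),
        "parameterized_valid": login_parameterized(db, "alice", "correct-horse"),
        "parameterized_crafted": login_parameterized(db, "alice", CRAFTED_PASSWORD),
    }


if __name__ == "__main__":
    for name, accepted in compare().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Both handlers accept the valid password, but only the concatenated one accepts the crafted input; no patch level, firewall rule, or antivirus signature is involved in either outcome.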
By controlling the database(s) and the data, the attacker also holds the power to limit availability of the data in the database. The attacker can cause unexpected disruptions in database access, take the infrastructure of online software offline, and completely disrupt business by corrupting an AD/DS database. Compromised data integrity goes hand-in-hand with the concern of data availability. An attacker with full control of a database can manipulate data with false entries, delete records, and drop tables from the databases of the database server. (www.nasstive.com)
