In website testing (security testing) I have seen many posts mentioning SQL injection. I have also searched the internet to learn about SQL injection, but the definitions used are very hard to understand. Could an expert please explain it with an example and one scenario? It will be useful for newcomers like us to understand. After all, experts are the book of references who can share more than a book.
A definition of SQL Injection taken from Wikipedia.
[ QUOTE ]
SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.
This SQL injection is mostly done at the level of authentication, such as entering usernames and passwords.
For example, let us take a web site which allows users to log in with their usernames. Before SQL injection was found, programs were written to identify whether the username was a valid one or not as follows.
<b><i> Select somefields from sometable where Username ='--------' and password = '----------'</i></b>
If the query is written in this manner, then we can enter as any username by giving the username as
<b><i> anyname' or 'a'='a' --</i></b>
Here anyname is the username you want to enter, and 'a'='a' will always be true, so you can enter the site as that username.
Say, for example, a cracker is trying to register himself or herself on a website.
In the choose-username field, he enters the following: scooby'); drop table users; --
The query is executed like this:
"insert into users (user_name) values ('scooby'); drop table users; --')"
and the entire table will get deleted, since everything after the first semicolon is read as another SQL statement, which is also then terminated by a semicolon.
This is just to give you a very basic example. Of course, SQL injection errors like this one can be avoided simply by putting checks on the text boxes where the user enters his username, and disallowing special characters like the semicolon in the username (a very basic practice that is commonly followed).
Let me know if it helped; we could have a discussion, maybe.
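Added example (my code, not part of either reply above): both scenarios from the replies, the login bypass and the stacked DROP TABLE, run against SQLite through Python's sqlite3 module, next to the parameterised query that is the standard fix. The users table, the constructed user alice/s3cret and all function names are assumptions made for this example. It also shows two details a tester trips over: without a trailing comment the AND in the WHERE clause binds tighter than the injected OR, so `anyname' or 'a'='a'` in the username field alone does not log you in; and sqlite3's execute() refuses a string containing two statements, while executescript() runs them all.

```python
import sqlite3

# Constructed sample data for this example; not from the page.
SAMPLE_USER = ("alice", "s3cret")


def make_db():
    """Create a fresh in-memory database holding one constructed user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (user_name text, password text)")
    conn.execute("insert into users values (?, ?)", SAMPLE_USER)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The pattern the replies describe: user input pasted straight into the SQL text."""
    query = ("select user_name from users where user_name = '" + username
             + "' and password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_safe(conn, username, password):
    """Same check with bound parameters: the driver passes input as data, never as SQL."""
    query = "select user_name from users where user_name = ? and password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def register_one_statement(conn, username):
    """Concatenated INSERT run through execute(). Returns True if the statement was
    accepted. sqlite3 refuses a string holding more than one statement, so the
    stacked "drop table" payload is rejected here rather than run."""
    query = "insert into users (user_name, password) values ('" + username + "', 'x')"
    try:
        conn.execute(query)
        conn.commit()
        return True
    except (sqlite3.ProgrammingError, sqlite3.Warning):
        # Older Pythons raise sqlite3.Warning, newer ones ProgrammingError,
        # both saying "You can only execute one statement at a time."
        return False


def register_batch(conn, username):
    """Same concatenated INSERT through executescript(), which runs every statement
    in the string. Returns True if the users table still exists afterwards,
    i.e. the stacked DROP TABLE did not run."""
    query = "insert into users (user_name, password) values ('" + username + "', 'x')"
    conn.executescript(query)
    row = conn.execute(
        "select name from sqlite_master where type = 'table' and name = 'users'"
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    # Username-field bypass: the comment swallows the rest of the WHERE clause.
    print(login_vulnerable(db, "anyname' or 'a'='a' --", "anything"))  # True
    # Without the comment, AND binds tighter than OR and the bypass fails.
    print(login_vulnerable(db, "anyname' or 'a'='a", ""))               # False
    # Password-field variant of the same payload.
    print(login_vulnerable(db, "anyname", "' or 'a'='a"))               # True
    # Parameterised query: the payload is just a username that does not exist.
    print(login_safe(db, "anyname' or 'a'='a' --", "anything"))         # False
    payload = "scooby', 'x'); drop table users; --"
    print(register_one_statement(db, payload))                          # False
    print(register_batch(db, payload))                                  # False
```

The point of the last two calls is that a driver refusing stacked statements is a property of that driver, not a defence you can rely on; a database API that accepts batches runs the injected DROP TABLE exactly as the second reply describes. Binding parameters, as in login_safe, removes the problem for every character, not only the semicolon.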