Security testing. SQL injection. February 12, 2009
Posted by emeraldal in Security testing. Tags: Security testing
In this post I’ll talk about the SQL injection attack. What is it? How do you find a vulnerability to this type of attack? How do you protect a web site from SQL injection?
A SQL injection attack is a code injection technique that exploits a security vulnerability in the database layer of an application. The vulnerability is present when programmers don’t verify data accepted from the user.
How to test?
1. Look on the site for a place where parameters are passed in the URL.
For example, http://site/test.php?id=12
2. Make a small change to the parameter. The simplest way is to add a quotation mark.
For example, http://site/test.php?id=12'
3. Execute.
If you get something like:
«You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' ORDER BY p.pid DESC LIMIT 0, 20' at line 12»
Hurray! You’ve found a vulnerability on the site.
PS: I wrote “Hurray!” for testers. Certainly, developers will be very unhappy with this result.
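Why the added quotation mark produces a syntax error, and how verifying and binding the parameter removes it, shown as an added example that is not part of the original post. It uses Python's sqlite3 module in place of PHP and MySQL; the table `posts` and the functions `fetch_vulnerable`, `fetch_safe` and `probe` are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data; table "posts" and column "pid" are assumptions.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (pid INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO posts VALUES (?, ?)",
                   [(12, "hello"), (13, "world")])
    return db

def fetch_vulnerable(db, raw_id):
    # The id from the URL is pasted into the SQL text without verification,
    # so a stray quote changes the syntax of the whole statement.
    sql = ("SELECT p.pid, p.title FROM posts p WHERE p.pid = " + raw_id +
           " ORDER BY p.pid DESC LIMIT 0, 20")
    return db.execute(sql).fetchall()

def fetch_safe(db, raw_id):
    # Verify the input first, then bind it as a parameter so it can
    # never become part of the SQL syntax.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be a non-negative integer")
    sql = ("SELECT p.pid, p.title FROM posts p WHERE p.pid = ?"
           " ORDER BY p.pid DESC LIMIT 0, 20")
    return db.execute(sql, (int(raw_id),)).fetchall()

def probe(fetch, raw_id):
    """Classify the outcome the way a tester reads the response."""
    db = make_db()
    try:
        fetch(db, raw_id)
        return "ok"
    except sqlite3.OperationalError:
        return "sql-error"   # the database parsed our input: a bug to report
    except ValueError:
        return "rejected"    # the application refused the input

if __name__ == "__main__":
    for fn in (fetch_vulnerable, fetch_safe):
        print(fn.__name__, probe(fn, "12"), probe(fn, "12'"))
```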
In fact, that’s all. Of course, for hackers who attack the site it is only the beginning. They’ll write complicated queries to get the data stored in the database. In the end they’ll get it and do whatever they want with the site.
But for us testers, a SQL injection vulnerability is enough to post a terrible bug and go on with our job, which is to find out what else to break.
Because we need to break so much.