File: sql_injection_check.md

package info (click to toggle)
gitlab 17.6.5-19
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 629,368 kB
  • sloc: ruby: 1,915,304; javascript: 557,307; sql: 60,639; xml: 6,509; sh: 4,567; makefile: 1,239; python: 406
file content (47 lines) | stat: -rw-r--r-- 2,411 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
---
stage: Application Security Testing
group: Dynamic Analysis
info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://handbook.gitlab.com/handbook/product/ux/technical-writing/#assignments
---

# SQL injection

## Description

Check for SQL and NoSQL injection vulnerabilities. A SQL injection attack
consists of insertion or "injection" of a SQL query via the input data from the
client to the application. A successful SQL injection exploit can read sensitive
data from the database, modify database data (Insert/Update/Delete), execute
administration operations on the database (such as shutdown the DBMS), recover
the content of a given file present on the DBMS file system and in some cases
issue commands to the operating system. SQL injection attacks are a type of
injection attack, in which SQL commands are injected into data-plane input in
order to effect the execution of predefined SQL commands. This check modifies
parameters in the request (path, query string, headers, JSON, XML, etc.) to try
and create a syntax error in the SQL or NoSQL query. Logs and responses are then
analyzed to try and detect if an error occurred. If an error is detected there is
a high likelihood that a vulnerability exists.

## Remediation

The software constructs all or part of an SQL command using
externally-influenced input from an upstream component, but it does not
neutralize or incorrectly neutralizes special elements that could modify the
intended SQL command when it is sent to a downstream component.

Without sufficient removal or quoting of SQL syntax in user-controllable inputs,
the generated SQL query can cause those inputs to be interpreted as SQL instead
of ordinary user data. This can be used to alter query logic to bypass security
checks, or to insert additional statements that modify the back-end database,
possibly including execution of system commands.

SQL injection has become a common issue with database-driven websites. The flaw
is easily detected, and easily exploited, and as such, any site or software
package with even a minimal user base is likely to be subject to an attempted
attack of this kind. This flaw depends on the fact that SQL makes no real
distinction between the control and data planes.

## Links

- [OWASP](https://owasp.org/Top10/A03_2021-Injection/)
- [CWE](https://cwe.mitre.org/data/definitions/930.html)