What is an SQL injection attack? All websites process data entered by users. An input-validation attack occurs when a web server or database processes user input it did not expect and an error results.
“An SQL Injection Attack (SQLIA) occurs when an attacker attempts to change the logic, semantics or syntax of a legitimate SQL statement by inserting new SQL keywords or operators into the statement.” Halfond, W.G.J. and Orso, A. (2005)
An attack surface is, basically, any user input. These inputs take the form of arguments in GET and POST requests, HTML forms, cookie values, and browser environment values. All are attack surfaces for input-validation attacks.
There are lots of different input-validation attacks:
SQL injection is one type of input-validation attack.
There are countermeasures to these attacks.
Halfond, W.G., Viegas, J. and Orso, A. (2006), "A Classification of SQL Injection Attacks and Countermeasures", is an excellent paper on SQL injection. It has an excellent section on injection mechanisms, which shows how SQL code is modified to perform the injection attack: the attack vectors. These are classified as user inputs, cookies, server variables and second-order injection. A second-order injection seeds an SQL injection into a database so that the attack is triggered later.
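The following is an added example, not code from this post or from the cited papers. It shows second-order injection against an in-memory SQLite database: a value stored safely is later pasted into SQL text and changes the statement's logic, while the bound-parameter version does not. The table, function names and sample rows are all constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "admin-pw"), ("bob", "bob-pw")])
    return db

def register(db, name, password):
    # Bound parameters: the name is stored verbatim, quote characters included.
    db.execute("INSERT INTO users VALUES (?, ?)", (name, password))

def change_password_concat(db, stored_name, new_pw):
    # Vulnerable: the name is trusted because it came out of the database,
    # so it is concatenated into the SQL text and parsed as SQL.
    sql = ("UPDATE users SET password = '" + new_pw +
           "' WHERE name = '" + stored_name + "'")
    return db.execute(sql).rowcount

def change_password_bound(db, stored_name, new_pw):
    # Hardened: both values are bound as data and never parsed as SQL.
    return db.execute("UPDATE users SET password = ? WHERE name = ?",
                      (new_pw, stored_name)).rowcount

def password_of(db, name):
    row = db.execute("SELECT password FROM users WHERE name = ?",
                     (name,)).fetchone()
    return row[0] if row else None

def run(change_fn):
    """Seed a crafted account name, then change 'its' password with change_fn."""
    db = make_db()
    seeded = "admin'--"            # constructed value: a quote plus an SQL comment
    register(db, seeded, "x")      # step 1: stored safely, nothing happens yet
    stored = db.execute("SELECT name FROM users WHERE name = ?",
                        (seeded,)).fetchone()[0]
    change_fn(db, stored, "new-pw")  # step 2: stored value is reused later
    return password_of(db, "admin"), password_of(db, seeded)

if __name__ == "__main__":
    print("concatenated:", run(change_password_concat))
    print("bound:       ", run(change_password_bound))
```

In the concatenated version the WHERE clause ends at `name = 'admin'` and the rest is commented out, so the admin row is updated instead of the seeded account. Validating input only at the point of entry does not prevent this; every query that reuses stored data needs bound parameters.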
A section on attack intent outlines the various reasons for an attacker to want to exploit the database:
There is a section on SQLi types, which expands on the Halfond and Orso (2005) AMNESIA paper, adding:
There is an excellent section on detection methodologies:
Hopefully this short post answers the question “what is an SQL injection attack?”, and provides you with some other sources to research.