What is a Vulnerability?
- In computer security, a vulnerability is a major weakness that allows an attacker to get your system's data and harm your system.
- To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness.
Examples of vulnerabilities:-
- SQL injection
- Cross-site request forgery in web applications
- Buffer overflows and over-reads
- E-mail injection and many more.
Description:-
SQL Injection is a security vulnerability that enables an assailant to change back-end SQL statements by manipulating user-supplied data.
Injection occurs when user input is sent to an interpreter as part of a command or query and tricks the interpreter into executing unintended commands and giving access to unauthorized data.
The SQL query executed by the web application can also expose the back-end database.
Implications:-
- The attacker can add malicious content into the vulnerable fields.
- Sensitive data such as usernames, passwords, etc. can be read from the database.
- Database data can be modified (Insert/Update/Delete).
- Administration operations can be executed on the database.
Vulnerable Objects:-
- Input Fields
- URLs interacting with the database.
Examples:-
- SQL injection on Login Page
Logging into an application without having credentials.
A valid username is available, but the password is not.
Recommendations to prevent this kind of attack:-
- Whitelisting the input fields
- Avoid displaying detailed error messages that are useful to an attacker.
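
The login-page case above, as an added example that is not part of the original page: a vulnerable query builder beside a hardened one that applies both recommendations, using Python's sqlite3 module. The table, account, function names and crafted input are constructed for illustration, and the bound parameters in the hardened version go beyond the two recommendations listed.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; plaintext password only to keep this short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret-pw')")
    return db

def login_vulnerable(db, username, password):
    # User input is concatenated into the statement, so a quote character
    # in the input changes the structure of the SQL the database executes.
    sql = ("SELECT 1 FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

# Whitelist: only the characters a username legitimately needs.
USERNAME_OK = re.compile(r"[A-Za-z0-9_.-]{1,32}")
GENERIC = "Invalid username or password."

def login_hardened(db, username, password):
    # Returns (ok, message); failures always get the same generic message.
    if not USERNAME_OK.fullmatch(username):
        return False, GENERIC
    try:
        # Bound parameters keep input as data, never as SQL. Passwords
        # cannot be whitelisted, so this covers that field as well.
        row = db.execute(
            "SELECT 1 FROM users WHERE username = ? AND password = ?",
            (username, password)).fetchone()
    except sqlite3.Error:
        # Log the detail server-side; do not echo database errors to users.
        return False, GENERIC
    return (True, "Welcome.") if row else (False, GENERIC)

# Constructed test input: a valid username followed by a quote and a SQL
# comment marker, which drops the password check in the vulnerable query.
CRAFTED_USERNAME = "alice' --"
```

Running both functions with CRAFTED_USERNAME in a regression test shows the difference: the vulnerable function accepts it with any password, while the hardened one rejects it at the whitelist check.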