MODULE 15 — SQL INJECTION


LEARNING OBJECTIVES (EXAM MUST-MEMORIZE)

No. Objective
1 Summarize SQL injection concepts
2 Demonstrate various types of SQL injection
3 Explain SQL injection methodology
4 Demonstrate different evasion techniques
5 Explain SQL injection countermeasures
6 Use different SQL injection detection tools

MEMORY HOOK:
Concept → Types → Method → Evasion → Defense → Tools


WHAT IS SQL INJECTION (CEH DEFINITION)

Item Memorize Exactly
SQL Injection An attack that exploits unsanitized user input to execute malicious SQL queries on a database

WHY SQL INJECTION IS DANGEROUS

Impact
Authentication bypass
Authorization bypass
Information disclosure
Data manipulation
Data deletion
Remote code execution

MEMORY HOOK:
Bypass → Read → Modify → Delete → Execute


SQL — BASIC CONCEPTS (NO ASSUMPTIONS)

WHAT IS SQL

Item Memorize
SQL Structured Query Language
Purpose Communicate with databases
Used For Create, read, update, delete data

COMMON SQL COMMANDS

Command Purpose
SELECT Retrieve data
INSERT Add data
UPDATE Modify data
DELETE Remove data
CREATE Create objects
DROP Delete objects

MEMORY HOOK:
S I U D C D


WHERE SQL INJECTION OCCURS

Location
Login forms
Search fields
URL parameters
Cookies
HTTP headers

MEMORY HOOK:
Anywhere input touches SQL


UNDERSTANDING NORMAL SQL QUERY (EXAM CRITICAL)

NORMAL LOGIN QUERY

Example
SELECT * FROM Users WHERE username='smith' AND password='simpson';

NORMAL EXECUTION FLOW

Step Description
1 User submits input
2 Application builds SQL query
3 Database executes query
4 Result returned

UNDERSTANDING SQL INJECTION QUERY

MALICIOUS INPUT EXAMPLE

Field Value
Username blah' OR '1'='1
Password blah' OR '1'='1

RESULTING QUERY

Query
SELECT * FROM Users WHERE username='blah' OR '1'='1' AND password='blah' OR '1'='1';

WHY IT WORKS

Reason
'1'='1' is always true
The trailing OR '1'='1' makes the whole WHERE clause true for every row
Authentication bypassed (the query returns the first user in the table, often an administrator)

CAVEAT (OPERATOR PRECEDENCE):
AND binds tighter than OR. With the tautology in the username field only and a plain password, the query becomes
username='blah' OR ('1'='1' AND password='anything'), which matches no row, so the bypass fails.
Inject the tautology into both fields, or end the injected text with a comment (blah' OR '1'='1'--) so the password check is discarded.

MEMORY HOOK:
True condition breaks logic


SQL INJECTION — CORE PRINCIPLE (EXAM SENTENCE)

Memorize
SQL injection occurs because user input is concatenated into SQL queries without proper validation
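Worked example, added to this module and not taken from the CEH courseware: the login query above is built by string concatenation and run against an in-memory SQLite table, side by side with the parameterized form that defeats the attack. It shows the normal login, the one-field payload failing on AND/OR precedence, the two-field tautology returning every row, and the same payload being treated as a literal username once it is bound as a parameter. The user table, the credentials and the function names are constructed for the demonstration.

```python
import sqlite3

# Constructed sample accounts (not from the module); any rows would do.
USERS = [("smith", "simpson"), ("admin", "s3cret")]


def new_db():
    """In-memory SQLite database seeded with the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)", USERS)
    return conn


def build_vulnerable_query(username, password):
    """String concatenation exactly as the module's login example does it."""
    return f"SELECT * FROM Users WHERE username='{username}' AND password='{password}';"


def login_vulnerable(conn, username, password):
    """Run the concatenated query; return matched usernames (empty list = login denied)."""
    rows = conn.execute(build_vulnerable_query(username, password)).fetchall()
    return [r[0] for r in rows]


def login_parameterized(conn, username, password):
    """Hardened version: the input is bound as data and is never parsed as SQL."""
    rows = conn.execute(
        "SELECT * FROM Users WHERE username=? AND password=?", (username, password)
    ).fetchall()
    return [r[0] for r in rows]


def demo():
    """Exercise the four cases and return their results keyed by name."""
    conn = new_db()
    results = {}

    # 1. Normal flow: valid credentials match exactly one row.
    results["normal"] = login_vulnerable(conn, "smith", "simpson")

    # 2. Tautology in the username only. AND binds tighter than OR, so the clause is
    #    username='blah' OR ('1'='1' AND password='anything'); no row has that
    #    password, so nothing is returned. The one-field textbook payload is unreliable.
    results["one_field"] = login_vulnerable(conn, "blah' OR '1'='1", "anything")

    # 3. Tautology in both fields. The final OR '1'='1' term is unconditionally true,
    #    so every row is returned and the authentication check is bypassed.
    results["both_fields"] = login_vulnerable(conn, "blah' OR '1'='1", "blah' OR '1'='1")

    # 4. Same payload against the parameterized query: it is compared as a literal
    #    username string, matches nobody, and the login is denied.
    results["parameterized"] = login_parameterized(
        conn, "blah' OR '1'='1", "blah' OR '1'='1"
    )

    conn.close()
    return results


if __name__ == "__main__":
    for name, matched in demo().items():
        print(f"{name:14s} -> {matched}")
```

The precedence trap is the reason many real bypasses use the tautology in both fields or terminate the injected text with a comment; the parameterized query is immune to both forms because the driver sends the text as a bound value rather than splicing it into the statement.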

SQL INJECTION ATTACK GOALS

Goal
Bypass authentication
Extract database data
Modify database records
Execute administrative operations
Compromise backend system

APPLICATION TECHNOLOGIES AFFECTED

Technology
ASP
ASP.NET
PHP
JSP
Python
Ruby
Perl

MEMORY HOOK:
Language irrelevant — SQL is target


DATABASE TYPES TARGETED

Database
MySQL
MSSQL
Oracle
PostgreSQL
SQLite

HTTP METHODS USED IN SQL INJECTION

Method Description
GET Parameters in URL
POST Parameters in body

SQL INJECTION — BASIC LOGIC FLOW

Step Action
1 Attacker finds input field
2 Submits malicious SQL
3 Application builds query
4 Database executes injected SQL
5 Attacker gains control

MEMORY HOOK:
Input → Query → Execute → Control


COMMON SQL INJECTION TEST STRINGS (EXAM RECOGNITION)

Payload
' OR '1'='1
' OR 1=1--
' OR 'a'='a
/*

COMMENT SYMBOLS IN SQL (VERY IMPORTANT)

Symbol Meaning
-- Single-line comment (MySQL requires a space or control character after the two dashes)
# Single-line comment (MySQL only)
/* */ Multi-line comment; also usable inline within a statement

MEMORY HOOK:
Comment = ignore rest of query
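Worked example, added here and not part of the CEH courseware, for the test strings and comment symbols above: each payload is spliced into the module's concatenated login query and run against an in-memory SQLite table, so the effect of a lone quote (syntax error, the tell-tale of an injectable field), a -- comment (password check discarded) and a /* */ comment spanning two fields (the text between them swallowed) can be observed directly. The admin row and the function names are constructed for the demonstration; note that SQLite accepts -- without a trailing space, whereas MySQL needs one.

```python
import sqlite3


def new_db():
    """In-memory SQLite database with a single constructed admin account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO Users VALUES ('admin', 's3cret')")
    return conn


def build_vulnerable_query(username, password):
    """The module's concatenated login query, unchanged."""
    return f"SELECT * FROM Users WHERE username='{username}' AND password='{password}';"


def run(conn, username, password):
    """Execute the concatenated query; return matched usernames, or the error text."""
    try:
        rows = conn.execute(build_vulnerable_query(username, password)).fetchall()
        return [r[0] for r in rows]
    except sqlite3.Error as exc:
        return f"error: {exc}"


def demo():
    """Run three probes and return their outcomes keyed by payload type."""
    conn = new_db()
    out = {}

    # Lone quote: the closing quote is left dangling, so the database rejects the
    # statement. A visible database error on a single quote is the classic first
    # sign that input reaches the query unescaped.
    out["lone_quote"] = run(conn, "admin'", "whatever")

    # Single-line comment: everything after -- is ignored, including the password
    # check. The statement executed is
    #   SELECT * FROM Users WHERE username='admin'
    out["dash_dash"] = run(conn, "admin'--", "whatever")

    # Multi-line comment opened in the username and closed in the password: the
    # text between the two fields (the AND password= clause) is swallowed. The
    # statement executed is
    #   SELECT * FROM Users WHERE username='admin' OR '1'='1';
    out["slash_star"] = run(conn, "admin'/*", "*/ OR '1'='1")

    conn.close()
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:11s} -> {result}")
```

The lone-quote probe is why error messages must never be echoed to the client: the error itself confirms the injection point. The two comment cases show that a comment is the attacker's tool for discarding, not just hiding, whatever the application appends after the injected input.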