SQL injection | SQL Injection Attack Tutorial | Cybersecurity Training | Edureka Rewind
Key Takeaways
This video covers SQL injection attack tutorial and cybersecurity training
Full Transcript
hi everyone this is Omar from edureka and today I'll be speaking about SQL injection attacks in the previous video I spoke about different phases of ethical hacking where I told you the steps one should follow in order to hack attack get successfully and efficiently I also spoke about some of the most popular tools used for hacking and at at the end of the session I spoke about some of the greatest hacks that have happened till time now that you know the basics now that you know how you should hack a Target what are the steps you have to follow it's time that you start understanding different methods and different techniques that you can use to hack the target so I'm going to start with one of the most popular one of the most used and one of the most simple hacking technique that is SQL injection so this video is all about SQL injection attacks firstly I'll be telling you what SQL injection is then I'll be telling you how SQL injection attack works I'll be explaining the concept behind it the logic behind it then I will show you how you can use SQL injection attack to hack a web application and finally I'll be telling you how you can prevent SQL injection attacks so first let us understand what SQL injection is SQL injection is one of the most used and one of the most common web-based attacks so for SQL injection to work you need a web application that uses a database let me tell you with with an example what SQL injection is consider an example where there's a web application that's using a database this web application might be taking input from the user and storing the information onto the database or it might be fetching data from the database and displaying out to the user in either case what happens is there's a SQL query or a database query that's generated on the web application which is sent to the database and uh this query is executed on the database and relevant information is returned back to the web application now this is how the normal scenario is so what happens when you use SQL injection is you manipulate this database query in order to make it do something that it is ideally not supposed to do so you change the SQL query you manipulate it you inject some malicious string in the SQL query and then make it do something that it is not ideally supposed to do so what happens is you manipulate the query and then this malicious query is sent to the database it's executed there and the relevant results are returned now this is SQL injection so SQL injection is a code injection technique which is used to execute malicious SQL statements on the database so basically SQL injection attack is something that you use to take over database servers now that you've got a high level understanding of what SQL injection is let's understand how SQL injection Works moving on to understanding how SQL injection Works let's take an an example of a web application that takes username and password for login now on a day-to-day base you use a lot of web application where the first thing you have to do is login into the web application you can consider the example of your Gmail account your email ID your Facebook account your Twitter Instagram and even your internet banking services so the first thing you have to do in order to use the features or the functions of this web application is to login into the web application so what you usually do is you enter the username then you enter the password now because SQL injection Works only on the web application that's using the database and suppose the details of all the username and their password is stored in a database what actually happens is there's a database and in this database there's a table that is storing all the usernames and the respective passwords so when you hit the login button after entering the username and the password that input information is sent to the database and it is cross checked with a table so if there is any user with that username and the password to that username is right then there's a successful match and there's a successful login and if there is no user with that particular username or if there is a user with that particular username but the password to that username is wrong then the login is unsuccessful so this is how the usual Cas is now what we are actually interested in is is not the flow of how this works but the SQL query that's generated in order to do this job so for this example the simple query that would be generated would look something like this so there is Select star where star means fetch any number of rows that matches some condition from users where users is the name of the database table then there's a condition to check the username equal to ABC at xyz.com and the password should be 1 2 3 4 5 6 so so when this SQL query is generated if there is a user with the username ABC at xyz.com and the password to that username is 1 2 3 4 5 6 then that particular row is returned and if there is no user with this particular username and password then there is no rows or there's no values returned so basically if this SQL query returns some value or returns a True Value then the login is successful and if this SQL query returns a false value then the login is unsuccessful so this is how it actually works now like I told you we are not interested in the flow of how this works we are only interested in the SQL query that's generated let me just highlight the SQL query for you so this is the same SQL query that I showed in the previous slide now what I've done is I've highlighted some part of this SQL query now why have I done that I've highlighted the part that is the input to this SQL query now when you're using a web applic application the SQL query is pregenerated by the web application and the only control the user has is over the input so the part I've highlighted is the user input and that's the only part in the whole SQL query that the user has control over so whatever changes we have to make or whatever we have to do in order to execute a SQL injection attack should be done by giving the right inputs now like I told you that if this SQL query returns true then the login is successful and if this SQL query returns false then the login is unsuccessful so SQL injection attack is a webbased attack where we manipulate this SQL query in order to always return true even if we don't know the user name or if we don't know the password now the question is how can we do that to do that we'll be using something called an R logic gate so for that I'll be explaining you first what an or logic is so or logic is a function that takes certain inputs and gives an output now let's take an example where A and B is the input and out is the output now suppose there's an R function running on the inputs A and B if both the inputs are false then the output is false if one of the input is true then the output is true and if both the inputs are true then the output is true now what you have to observe here is when one of the input is true then irrespective of what the other input is the output is always true so whenever there's one input true the output is always true and we'll be using this feature of the r function in the SQL injection attack so there is this SQL query and the objective is to make this SQL query return true so I'm going to manipulate this SQL query to something like this and like I told you that the user doesn't have control over the SQL query that's generated and the only control the user has is over the input that is given so I'll be giving this as a input the input will be inverted comma space or 1 equal to one hyphen hyphen space now uh this part of this query is the part which always returns true now let me just highlight that particular part for you and explain how this malicious string actually works now the input is uh inverted comma space or Space 1 equal to 1 now the first inverted comma is used to close the string parameter whenever you give something as a input in the input box of the web application then it is considered as a string in most of the cases especially for username and the password so the first inverted comma is used to close this parameter the string parameter then there is the r function and after that there is a statement that is 1 equal to 1 now if you see this there are two inputs there's the r function and there's one input to the left hand side and there's one input to the right hand side what we are interested in is the statement that is to the right hand side of the r function that is 1 equal to 1 now this is a statement that will always return true because 1 is always equal to one and like we've already understood that if one of the input to the r function is true then irrespective of what the other input is the result will always be true so in this case because one is always equal to 1 and that is true then this function the or function will always return true and hence the SQL query will always return true now what is the use of the extra double hyphen that I've used so the double hyphen I've used is to comment out the rest of the SQL query and that's why I've faded out the and password part so when I use double hyphen it doesn't matter what the next part of the SQL query is and like we have understood that this or function returns true then this SQL query returns true meaning that the login is successful so this is how SQL injection works now let's see how you can use SQL injection to attack a web application in the previous slide I showed you one malicious string that can be used for cql injection but there is no one universal string that can be used for SQL injection now what kind of SQL injection you use or how you use the SQL injection depends on how the web application is built just so you can understand in a better way how SQL injection can be used differently I have taken two examples in this session where in each case the data is being passed in different ways so first I'll explain to you what are these different methods that the data is being passed so the first way that the data is being passed is by using the get method so when a web application is using the get method to pass data Maybe from one web page to another or from a web page to the database the data that is being sent is sent through the URL of the request so the data that is being sent is visible in the URL let's take an example where there's a login page and uh there's a username and a password field you enter the username maybe as admin and the password is also the ad and when you hit the login button suppose the web application is using the get method then the URL request will look something like this in this case there's the name of the web page and there is also the information that is being passed that is the username and the password so when you use the get method the data that is being passed is visible in the URL now let's see an example where there's a web application that is using the get method and let's see how you can use SQL injection to hack that web application I've built this web application that uses get method to pass the data and this is how the web application looks before telling you how it works let's just have a look at the database so to show you the contents of the database let me first log in into the database now I'm using the database named test so let me just select it first so first let's see what are the contents of this database table so the name of the database table is login details so let me just print out all the rows and columns that are in this table so there are two columns in this table one is the username and one is the password and there are three entries the username and password for the respective username now let's see how this web application works so first I'll show you the code I've used to build this web application so this is the code that handles the login activity so first it takes the data from the web application the HTML page then it connects to the database then it uses the SQL query and it selects the user which has that particular username and that password and if there's a user with that particular username and password then it prints a success message and if there is no user with that username and password then it prints a failure message now let's see how this web application works so I'll just give some valid inputs first there is admin with the password admin let me just hit the Lo in button well this was a success let me try another input where the username is urea and the password is 1 2 3 4 5 6 let me try logging in and it was also a success now what if I give some wrong input so I'll give tony as a username and some random thing as a password let me try logging in and it's a failure because that user name does not exist in the database and obviously the password also now what you have to observe is because this web application is using the get method to pass data you can see the data in the URL of the string especially this part where the username is Tony and the password is this random string well now you can see that the data is being passed using the get method and the data is visible in the URL of the request now what we'll do to use SQL injection attack on this is will use that malicious string I showed you during the slides to bypass this login so what I'm going to do is is arase the username and use the malicious string so the string is inverted comma space r 1al to 1 hyphen hyphen space so what should happen when I hit enter is this SQL query should return true and the login should be successful and we should see a success message on the screen so let me just hit the enter button well the login was successful and we can see that the SQL injection attack worked uh this is how you can use SQL injection while you're trying to hack the web application that uses get method to pass data well there's another method that can be used to pass data and it is called the post method now let's see what this post method is when a web application is using the post method to pass data Maybe from one web page to another or from a web page to the database then the data that is being sent is not visible in the URL string now let me show you how you can use SQL injection attack on a web application that is using the post method this is is the web application that uh uses post method to pass data from the web page to the database I've kept the interface same because it doesn't matter how the web application looks so what matters is how it works so let me give some valid input at first uh the first username was admin and the password was admin let me just hit the login button and you see the login was successful let me use another entry the user name is edura and the password is 1 2 3 4 5 6 and let me hit the login button and the login was successful now let me try some wrong input some invalid input some random characters and some random password let me hit the login button and the login was a failure so you can see that the web application works in the exact same way apart from one thing that when I hit the login button the username and the password is not seen in the URL you can only see the name of the web page and not the data that is being sent now in the previous case you could see the username and the password in the URL and you use the malicious string to hack the web application now that there is no username and password in the URL how would you hack this web application like I told you while explaining how SQL injection works the only control the user has over the web application is in the input that he gives so whatever malicious string that we are going to enter will be through the input that we give to the web application now let's use the Malicia string in the username and the password field and see whether it is vulnerable to SQL injection well the malicious string was inverted comma R 1al to 1 hyphen hyphen space and let me just give some random password and let me hit the login button well this was a success and you can see I didn't give the right username and I didn't give the right password but still I use the malicious string and use SQL injection attack on this web application well this is how you can hack a web application that is using post method to transfer data now the next part of this session is how to prevent SQL injection well when you are an ethical hacker and you have to test a web application for vulnerabilities and suppose you found that that web application is vulnerable to SQL injection attacks now you have to tell the organization on how they can make their security better and that's why it's important to know that how you can prevent SQL injection attacks there are different ways of preventing SQL injection attacks and it all depends on how the web application is built just so you know I'll be explaining one such way that you can use to prevent SQL injection attack now there's another web application that I've built that prevent SQL injection attack so let me just show you how it works I'll show you the code and I'll show you what changes I've made and then explain how this prevents SQL injection attacks so the first part of the code is same it takes username and password from the HTML page from the input and then it connects to the database and then it runs some uh SQL query to check if the username and the password is valid and finally it returns a success if it's true and it returns a failure message if the login is unsuccessful now the changes I've made is in this part of the code what I've done is I'm using some method some function called prepare and bind parameter and what this actually does is it binds the whole input that the user gives as a string like I told you previously that the inverted comma was used to close the string parameter when you use the bind parameter function that whole malicious string is considered as a string now just so you can understand it better I've just visualized this logic so you can understand better so I'll get back to the slide and explain how this works so what we actually did was there was a username and the password field and we entered the malicious string in the username or the password and we could log in successfully now when you use the methods that I used in the code what actually happens is this whole string the whole malicious string is considered as a string and the inverted comma used is also considered as a string now when you use the bind parameter function what happens is the whole malicious string is considered as a string and the R1 equal to 1 hyphen hyphen is not considered as a logic in the code so when you use the bind parameter and even if you give this malicious string as the input it is sent to the database as the string it is compared it is cross checked with the username and the password in the database table and because there is no match the login will be unsuccessful this is one way how you can prevent SQL injection there are many other ways that you can use you can use form validations you can limit the characters that can be used as password and uh there are many other ways and it all depends on how the web application is spil well that's it for this session if you like this video like and share stay tuned for more videos on ethical hacking where I'll be explaining you different methods and techniques to hack the target until next time bye-bye e e e
Original Description
🔥Certified Ethical Hacking Certification (CEH v13 AI): https://www.edureka.co/ceh-ethical-hacking-certification-course
🔥Cybersecurity Certification Course: https://www.edureka.co/cybersecurity-certification-training
This Edureka video will give you an introduction to SQL Injection Attacks. This video will give you an exhaustive on the fundamentals of SQL Injection and teach you how to use SQL Injection to hack a Web Application and also how to prevent it.
Check out the latest 2025 video on Top 10 Technologies for the most up-to-date insights! 📌 Top 10 Technologies to Learn in 2025 → https://youtu.be/5kjWh8lBxC4
🔴 Subscribe to our channel to get video updates. Hit the subscribe button above: https://goo.gl/6ohpTV
🔴 𝐄𝐝𝐮𝐫𝐞𝐤𝐚 𝐎𝐧𝐥𝐢𝐧𝐞 𝐓𝐫𝐚𝐢𝐧𝐢𝐧𝐠 𝐚𝐧𝐝 𝐂𝐞𝐫𝐭𝐢𝐟𝐢𝐜𝐚𝐭𝐢𝐨𝐧𝐬
🔵 DevOps Online Training: http://bit.ly/3VkBRUT
🌕 AWS Online Training: http://bit.ly/3ADYwDY
🔵 React Online Training: http://bit.ly/3Vc4yDw
🌕 Tableau Online Training: http://bit.ly/3guTe6J
🔵 Power BI Online Training: http://bit.ly/3VntjMY
🌕 Selenium Online Training: http://bit.ly/3EVDtis
🔵 PMP Online Training: http://bit.ly/3XugO44
🌕 Salesforce Online Training: http://bit.ly/3OsAXDH
🔵 Cybersecurity Online Training: http://bit.ly/3tXgw8t
🌕 Java Online Training: http://bit.ly/3tRxghg
🔵 Big Data Online Training: http://bit.ly/3EvUqP5
🌕 RPA Online Training: http://bit.ly/3GFHKYB
🔵 Python Online Training: http://bit.ly/3Oubt8M
🔵 GCP Online Training: http://bit.ly/3VkCzS3
🌕 Microservices Online Training: http://bit.ly/3gxYqqv
🔵 Data Science Online Training: http://bit.ly/3V3nLrc
🌕 CEHv12 Online Training: http://bit.ly/3Vhq8Hj
🔵 Angular Online Training: http://bit.ly/3EYcCTe
🔴 𝐄𝐝𝐮𝐫𝐞𝐤𝐚 𝐑𝐨𝐥𝐞-𝐁𝐚𝐬𝐞𝐝 𝐂𝐨𝐮𝐫𝐬𝐞𝐬
🔵 DevOps Engineer Masters Program: http://bit.ly/3Oud9PC
🌕 Cloud Architect Masters Program: http://bit.ly/3OvueZy
🔵 Data Scientist Masters Program: http://bit.ly/3tUAOiT
🌕 Big Data Architect Masters Pro
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from edureka! · edureka! · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
![Azure Data Engineer Certification [DP 203] | How to Become Azure Data Engineer [2023] | Edureka](https://i.ytimg.com/vi/DmDz98GfAn0/mqdefault.jpg)
47
48
49
50
51
52
53
54
55
56
57
58
59
60
ChatGPT Not Working - 4 Fixes | How To Fix ChatGPT Not Working | Why Is ChatGPT Not Working |Edureka
edureka!
Advanced Java script Tutorial | JavaScript Training | JavaScript Programming | Edureka Rewind
edureka!
Java script interview question and answers | Java script training | Edureka Rewind
edureka!
OpenAI API Tutorial using Python | How to use OpenAI GPT-3 API - Ada Babbage Curie Davinci | Edureka
edureka!
What is Unsupervised Learning ? | Unsupervised Learning Algorithms| Machine Learning | Edureka
edureka!
Top 10 Applications of Machine Learning in 2023 | Machine Learning Training | Edureka Rewind - 7
edureka!
Machine Learning Engineer Career Path in 2023 | Machine Learning Tutorial | Edureka Rewind - 6
edureka!
10 Must Have Machine Learning Engineer Skills That Will Get You Hired | Edureka Rewind - 7
edureka!
Data Structures in Python | Data Structures and Algorithms in Python | Edureka | Python Live - 5
edureka!
Python Lists | List in Python | Python Training | Edureka Rewind
edureka!
Predictive Analysis Using Python | Learn to Build Predictive Models | Python Training | Edureka
edureka!
Machine Learning Tutorial | Machine Learning Algorithm | Machine Learning Engineer Program | Edureka
edureka!
How to use Pandas in Python | Python Pandas Tutorial | Python Tutorial | Edureka Rewind
edureka!
Parameters in Tableau | Tableau Parameters Examples | Tableau Tutorial | Edureka Rewind
edureka!
Top 10 Reasons to Learn Tableau in 2023 | Tableau Certification | Tableau | Edureka Rewind
edureka!
Tableau Developer Roles & Responsibilities | Become A Tableau Developer | Tableau | Edureka Rewind
edureka!
Deep Learning With Python | Deep Learning Tutorial For Beginners | Edureka Rewind
edureka!
Realtime Object Detection | Object Detection with TensorFlow | Edureka | Deep Learning Rewind - 2
edureka!
Top 20 Tableau Tips and Tricks in 20 Minutes | Tableau Tutorial | Tableau Training | Edureka Rewind
edureka!
Climate Change Prediction using Time Series | Python Projects | Edureka | DS Rewind - 5
edureka!
ReactJS Installation Tutorial | ReactJS Installation On Windows | ReactJS Tutorial | Edureka Rewind
edureka!
Phases in Cybersecurity | Cybersecurity Training | Edureka | Cybersecurity Rewind - 2
edureka!
What Is React | ReactJS Tutorial for Beginners | ReactJS Training | Edureka Rewind
edureka!
Cybersecurity Frameworks Tutorial | Cybersecurity Training | Edureka | Cybersecurity Rewind- 2
edureka!
React vs Angular 4 | Angular 2 vs React | React & Angular | ReactJS Training | Edureka Rewind - 5
edureka!
ReactJS Components Life-Cycle Tutorial | React Tutorial for Beginners | Edureka Rewind
edureka!
Ethical Hacking using Kali Linux | Ethical Hacking Tutorial | Edureka | Cybersecurity Rewind - 3
edureka!
Types Of Artificial Intelligence | Artificial Intelligence Explained | What is AI? | Edureka
edureka!
Top 10 Applications Of Artificial Intelligence in 2023 | Artificial Intelligence| Edureka Rewind
edureka!
The Future of AI | How will Artificial Intelligence Change the World in 2023? | Edureka Rewind
edureka!
What is Artificial Intelligence | Artificial Intelligence Tutorial For Beginners | Edureka Rewind
edureka!
Google Cloud IAM | Identity & Access Management on GCP | Edureka | GCP Rewind - 5
edureka!
Google Cloud AI Platform Tutorial | Google Cloud AI Platform | GCP Training | Edureka Rewind
edureka!
Projects in Google Cloud Platform | GCP Project Structure | GCP Training | Edureka Rewind
edureka!
How to Become a Data Scientist | Data Scientist Skills | Data Science Training | Edureka Rewind - 3
edureka!
Agglomerative and Divisive Hierarchical Clustering Explained | Data Science Training | Edureka Live
edureka!
Climate Change Prediction using Time Series | Python Projects | Edureka | DS Rewind - 5
edureka!
Data Science Project - Covid-19 Data Analysis | Python Training | Edureka | DS Rewind - 6
edureka!
What is Honeycode? | Introduction to Honeycode | Edureka
edureka!
Difference between Amazon AWS and Google Cloud | GCP Training Google Cloud | Edureka Live
edureka!
DevOps Lifecycle | Introduction To DevOps | DevOps Tools | What is DevOps? | Edureka Rewind
edureka!
Introduction to DevOps | DevOps Tutorial for Beginners | DevOps Tools | DevOps | Edureka Rewind
edureka!
How to Create Login System using Python | Python Programming Tutorial | Edureka Rewind
edureka!
Python Developer | How to become Python Developer | Python Tutorial | Edureka Rewind
edureka!
How to become a Data Engineer | Complete Roadmap to become a Data Engineer| Data Engineer | Edureka
edureka!
Azure Data Engineer Certification [DP 203] | How to Become Azure Data Engineer [2023] | Edureka
edureka!
Data Analyst vs Data Engineer vs Data Scientist | Data Analytics Masters Program | Edureka Rewind
edureka!
DevOps Engineer day-to-day Activities | DevOps Engineer Responsibilities | Edureka Rewind
edureka!
How to Become a DevOps Engineer? | DevOps Engineer Roadmap | Edureka | DevOps Rewind
edureka!
How to Become a Data Engineer? | Data Engineering Training | Edureka
edureka!
How To Become A Big Data Engineer? | Big Data Engineer Roadmap | Edureka Rewind
edureka!
Python Integration for Power BI and Predictive Analytics | Power BI Training | Edureka
edureka!
Power BI KPI Indicators Tutorial | Custom Visuals In Power BI | Power BI Training | Edureka Rewind
edureka!
Apache HBase Tutorial For Beginners | What is Apache HBase? | Big Data Training | Edureka Rewind
edureka!
Big Data Hadoop Tutorial For Beginners | Hadoop Training | Big Data Tutorial | Edureka Rewind
edureka!
Big Data Analytics | Big Data Analytics Use-Cases | Big Data Tutorial | Edureka Rewind
edureka!
What Is Power BI? | Introduction To Microsoft Power BI | Power BI Training | Edureka Rewind
edureka!
Triggers in Salesforce | Salesforce Apex Triggers | Salesforce Tutorial | Edureka Rewind
edureka!
How To Become A Salesforce Developer | Salesforce For Beginners| Salesforce Training Edureka Rewind
edureka!
Java ArrayList Tutorial | Java ArrayList Examples | Java Tutorial | Edureka Rewind
edureka!
Related AI Lessons
⚡
⚡
⚡
⚡
Account Takeover Attacks: Why Authentication Isn’t the Real Problem
Dev.to · Sentinel Layer
When the Most Important Feature of a Migration Toolset Isn’t a Feature at All
Medium · Cybersecurity
HOW TO RECOVER CRYPTOCURRENCY LOST TO BITCOIN INVESTMENT SCAM/MALICE CYBER RECOVERY WIL DO IT
Medium · Cybersecurity
Aflac Japan Data Breach Exposes 4.38 Million Policyholder Records
Dev.to · BeyondMachines
🎓
Tutor Explanation
DeepCamp AI