This will be my first How To series.
In this tutorial you'll learn what SQL is, what SQL injection is and how it benefits you as a hacker.
I strongly recommend learning at least the basics of PHP before attempting to learn/use SQL Injection.
1- What are Databases?
2- What is SQL and how does it work?
- 2.1. Defining SQL.
- 2.2. Explaining SQL's usage and Syntax.
- 2.3. SQL's integration in other programming languages.
- 2.4. Conclusion.
3- What is SQL Injection?
- 3.1 Defining SQL Injection.
- 3.2 How does SQLi work?
4- Final Conclusion.
So, let's begin shall we?
So what is a Database? Simply put, it's the place where all your data is stored, therefore "Data-Base".
Databases are basically a structure of tables, each table containing a set of Rows defining the data and columns containing the data.
Let's take this as an example.
Be this our table, called "UserData".
It contains 3 Rows of data, first being the "ID", second being the "Username" and third being the "Password".
This way, we have some data stored for our users.
So, let's break it down!
Each column here contains a bunch of data specific to one entity (In this case, a user.)
For example, the first column in this table contains data that belongs to the user "CyberMask", the second to the user "unicorn".
So if I wanted to know CyberMask's password, I'd look for the Row "Password" corresponding the the column where the user is "CyberMask". You could think of it as an an X-axis Y-axis kinda thing.
So that's a database, but what does SQL have to do with this?
So what does all that hallahulla has to do with SQL?!
This section will contain the following:
- Defining SQL.
- Explaining SQL's usage and Syntax.
- SQL's integration in other programming languages.
- Defining SQL:
SQL is short for Structered-Query-Language, or Sequel as some like to call it.
It is a language commonly used for database management.
In short, SQL tells databases what to do.
Let's say I have a million users in my database and I wanted to get the ID of a specific user, now searching manually would be insane wouldn't it?
This is where SQL comes in, I want to tell the database to select the ID of CyberMask and print it out, so how does that work?
- Explaining SQL's usage and Syntax:
Let's take a code snippet as our example:
Does it make sense already?
This is called a Query; Queries are simply pieces of code you run.
They're different from other languages where each query runs separatly and independently as instructions given to the database through the database engine.
So let's break it down!
SELECT tells the database to select one or multiple values.
ID is the value SELECT is going to select.
FROM tells the database what table to use, in this case it's UserData.
WHERE here is a condition, simply put, it's telling the database to only select ID where certainValue=something. In our case, we want the password from the column where the Username Row has the value CyberMask. Makes sense?
So now that we've covered SQL's basic usage to retrieve data, let's go further down and explain how websites use it!
- SQL's integration in other programming languages:
So now we know how to fetch data from the database. But how does that relate to websites hacking and other cyber entities?
The answer is simple, SQL can be integrated in other languages such as PHP and C# for example.
let's take PHP as an example. (PHP is a server-side programming language for web applications)
You see how the syntax is very similiar?
It's pretty simple how SQL is integrated in other languages, as for the most part the Query's syntax is almost always the same!
So what does that exactly mean? It means that any website that uses a database is most likely using SQL aswell as it's a key ingredient in the database management world.
SQL is a powerful language in it's own unique ways. Despite it's simplicity, it's used on a VERY large scale.
It can be used on it's own, aswell as integrated into other programming languages.
It behaves differently compared to most programming languages, as it runs individually as a set of instructions to the database.
Now, we know what SQL is. How does that relate to hacking?
Well, let's find out!
- Defining SQL Injection:
SQL Injection is actually just what the name suggests, to inject SQL.
No really, it's as simple as that.
What you do is inject malicious code in an already existing Query, that way you can manipulate the set of instructions before it's run through the database.
SQL Injection at it's best can solely give you full control of the operating system that runs the database. Imagine that.
So how does that work?
- How does SQLi work?
We'll only talk theory here for now.
Let's take this form as our example:
Form runs this query:
So let's break this down.
In the php code I assigned a variable called "$username" to that textbox, so anything I type in the textbox will be put in the place of $username inside the query.
As a rule of thumb, $username = whatever I type into that textbox.
So in theory, if I type a query in that textbox, it should get run.
Therefore the "injection" concept.
Ofcourse, I would need to type a bit more than a SELECT query, but that's yet to come!
SQL (short for Sequel) is the most used database management language.
It's a simple language in the form of instructions called Queries, each instruction (Query) being run individually in real-time through the database.
SQL Can be integrated in other programming languages.
SQL Injection is the act of squeezing malicious code inside an existing Query.
SQL Injection is used in order to gather data/run malicious code on the operating system.
It can be a great addition to your skillset as a hacker.
That would be all!
I hope this becomes a useful contribution to the community!
Furthermore, kindly point out anything you would like to see changed/improved/added to this tutorial.
Want to help support Null Byte and start making your own money as a white hat hacker? Jump start your White-Hat Hacking career with our 2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and get over 60 hours of training from Ethical Hacking Professionals.