{"id":5528,"date":"2019-09-02T20:04:40","date_gmt":"2019-09-02T19:04:40","guid":{"rendered":"https:\/\/www.n-able.com\/?p=5528"},"modified":"2021-07-09T14:53:05","modified_gmt":"2021-07-09T13:53:05","slug":"sql-injection-examples","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/pt-br\/blog\/sql-injection-examples","title":{"rendered":"SQL Injection Attack Examples"},"content":{"rendered":"<p>Structured query language (SQL) is a standard computer language for creating, editing, and accessing relational databases. Developed by IBM in the 1970s, it\u2019s commonly used by database administrators to run tasks and execute commands.<\/p>\n<p>The vast amounts of information stored in databases make them valuable targets for hackers, who can exploit inherent characteristics of how SQL functions to trick a database into granting them access even without a valid login. These attacks, called SQL injections, can be costly\u2014<a class=\"ext\" href=\"https:\/\/nakedsecurity.sophos.com\/2018\/02\/19\/hackers-sentenced-for-sql-injections-that-cost-300-million\" target=\"_blank\" rel=\"noopener noreferrer\">reported losses<\/a>\u00a0from some attacks have reached $300 million. Others have resulted in\u00a0<a class=\"ext\" href=\"https:\/\/www.technologyreview.com\/f\/613973\/what-happens-when-a-countrys-entire-adult-population-is-hacked\" target=\"_blank\" rel=\"noopener noreferrer\">data breaches affecting the personal records of almost an entire country<\/a>.<\/p>\n<p>These examples illustrate why it\u2019s imperative that managed services providers (MSPs) know how to prevent SQL injection attacks that use malicious code with devastating consequences. 
This piece will walk you through a number of SQL injection examples so your team has a better idea of what to look out for to keep your customers\u2019 databases secure.<\/p>\n<h3><b>How does a SQL query work?<\/b><\/h3>\n<p>In order to understand why SQL injection attacks are so pernicious, it is helpful to first walk through how a standard SQL query works.<\/p>\n<p>One fundamental SQL command is the SELECT statement. When querying a database, SELECT allows you to retrieve data based on certain provided parameters. For instance, if a customer shopping on an e-commerce store wanted to see an item description, the SQL query might look something like this:<br \/>\n<code><\/code><\/p>\n<pre><em>SELECT ItemName, ItemDescription<\/em>\r\n\r\n<em>FROM Item<\/em>\r\n\r\n<em>WHERE ItemNumber = ItemNumber<\/em>\r\n<\/pre>\n<p>From this, the store\u2019s web application strings together the different variables into a single SQL statement that goes to the database:<br \/>\n<code><\/code><\/p>\n<pre><em>sql_query= \"<\/em>\r\n\r\n<em>SELECT ItemName, ItemDescription<\/em>\r\n\r\n<em>FROM Item<\/em>\r\n\r\n<em>WHERE ItemNumber = \" &amp; Request.QueryString(\"ItemID\")<\/em>\r\n<\/pre>\n<p>The application retrieves the item name and description based on the item number value provided, then displays the information to the customer.<\/p>\n<h3><b>What is an SQL injection?<\/b><\/h3>\n<p>An SQL injection is a common hacking technique that involves placing malicious code within improperly formatted SQL queries. This occurs when users are asked to input information, such as usernames\u2014only instead of providing a username, a hacker inputs an SQL statement designed to run surreptitiously. This technique allows them to access, edit, and potentially even delete a database.<\/p>\n<p>Usually, there are two parts to an SQL injection attack. The first step is to research in order to determine how to effectively trick the target database. 
An attacker will try inputting unexpected values for the argument in the SQL statement, which can reveal vulnerabilities in the database queries. The attacker then uses the application\u2019s responses\u2014including the information provided in error messages\u2014to formulate an SQL command that tricks the database.<\/p>\n<p>From there, the hacker will go in for the attack. Based on the observations made in the research step, the hacker enters an input value that the database interprets to be an SQL command rather than data. The database then runs the command.<\/p>\n<p>There are a number of tools available that allow hackers to automate both the research and attack portions of an SQL injection, which means it\u2019s vital to maintain strong and effective security protocols to\u00a0prevent and protect against SQL injections.<\/p>\n<h3><b>Examples of SQL injection attacks<\/b><\/h3>\n<p>Let\u2019s return to the e-commerce example from earlier, which retrieves an item description based on a given item number. A hacker executing an attack could conceivably enter an input value like the following:<br \/>\n<code><\/code><\/p>\n<pre>ItemNumber: \r\n\r\n105 OR 1=1\r\n<\/pre>\n<p>Then, the SQL statement will look like this:<\/p>\n<p><code><\/code><\/p>\n<pre>SELECT ItemName, ItemDescription\r\n\r\nFROM Item\r\n\r\nWHERE ItemNumber = 105 OR 1=1<\/pre>\n<p>The addition of OR 1=1\u2014a statement that the database will recognize as always being true\u2014has the unintended effect of returning every product name and description in the database, even the ones that shoppers may not normally be allowed to access.<\/p>\n<p>Here\u2019s another SQL injection attack example that allows hackers to circumvent login credentials. When presented with a login field, a hacker might enter the following values:<br \/>\n<code><\/code><\/p>\n<pre>Username:\r\n\r\n\" OR \"\"=\"\r\n\r\nPassword:\r\n\r\n\" OR \"\"=\"\r\n<\/pre>\n<p>The result will be another valid SQL statement. 
Because the database recognizes \" OR \"\"=\" as always being true, it will return all values for the username table, giving the hacker access to everyone\u2019s login information. Here\u2019s one last\u2014and particularly dangerous\u2014example:<br \/>\n<code><\/code><\/p>\n<pre>SELECT ItemName, ItemDescription\r\n\r\nFROM Item\r\n\r\nWHERE ItemNumber = 105; DROP TABLE USERS\r\n<\/pre>\n<p>This particular statement uses the semicolon, which can be improperly filtered by a database, to create a command that has the potential to delete the entire user database.<\/p>\n<p>There are many more ways that SQL injection attacks can be disruptive, but the threat illustrated by these basic examples is obvious, especially when it concerns database tables containing sensitive client information. That\u2019s why it\u2019s incredibly important for MSPs and database administrators to have a solid grasp of how to properly format each part of an SQL query.<\/p>\n<p><b>For more information on SQL injection and other common threats, read through\u00a0<a href=\"https:\/\/www.n-able.com\/blog\/search?keywords=SQl%20injection\" target=\"_blank\" rel=\"noopener\">our related blog articles<\/a>.<\/b><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Read about common examples of SQL injection that can impact your business and see if any SQL injection examples are currently affecting your business.<\/p>\n","protected":false},"author":24,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-5528","post","type-post","status-publish","format-standard","hentry","topic-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>SQL Injection Attack 
Examples - N-able<\/title>\n<meta name=\"description\" content=\"Read about common examples of SQL injection that can impact your business and see if any SQL injection examples are currently affecting your business.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.n-able.com\/pt-br\/blog\/sql-injection-examples\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SQL Injection Attack Examples - N-able\" \/>\n<meta property=\"og:description\" content=\"Read about common examples of SQL injection that can impact your business and see if any SQL injection examples are currently affecting your business.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.n-able.com\/pt-br\/blog\/sql-injection-examples\" \/>\n<meta property=\"og:site_name\" content=\"N-able\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NableMSP\" \/>\n<meta property=\"article:published_time\" content=\"2019-09-02T19:04:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-07-09T13:53:05+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"N-able\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Nable\" \/>\n<meta name=\"twitter:site\" content=\"@Nable\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"N-able\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.n-able.com\/pt-br\/blog\/sql-injection-examples#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br\/blog\/sql-injection-examples\"},\"author\":{\"name\":\"N-able\",\"@id\":\"https:\/\/www.n-able.com\/pt-br#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b\"},\"headline\":\"SQL Injection Attack Examples\",\"datePublished\":\"2019-09-02T20:04:40+01:00\",\"dateModified\":\"2021-07-09T13:53:05+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br\/blog\/sql-injection-examples\"},\"wordCount\":769,\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br#organization\"},\"articleSection\":[\"Security\"],\"inLanguage\":\"pt-BR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.n-able.com\/pt-br\/blog\/sql-injection-examples\",\"url\":\"https:\/\/www.n-able.com\/pt-br\/blog\/sql-injection-examples\",\"name\":\"SQL Injection Attack Examples - N-able\",\"isPartOf\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br#website\"},\"datePublished\":\"2019-09-02T20:04:40+01:00\",\"dateModified\":\"2021-07-09T13:53:05+00:00\",\"description\":\"Read about common examples of SQL injection that can impact your business and see if any SQL injection examples are currently affecting your 
business.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br\/blog\/sql-injection-examples#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.n-able.com\/pt-br\/blog\/sql-injection-examples\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.n-able.com\/pt-br\/blog\/sql-injection-examples#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Security\",\"item\":\"https:\/\/www.n-able.com\/pt-br\/blog\/category\/security\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SQL Injection Attack Examples\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.n-able.com\/pt-br#website\",\"url\":\"https:\/\/www.n-able.com\/pt-br\",\"name\":\"N-able\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.n-able.com\/pt-br?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.n-able.com\/pt-br#organization\",\"name\":\"N-able\",\"url\":\"https:\/\/www.n-able.com\/pt-br\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/www.n-able.com\/pt-br#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"contentUrl\":\"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"N-able\"},\"image\":{\"@id\":\"https:\/\/www.n-able.com\/pt-br#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/NableMSP\",\"https:\/\/x.com\/Nable\",\"https:\/\/www.linkedin.com\/company\/n-able\",\"https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw\"]},{\"@type\":\"Pe
rson\",\"@id\":\"https:\/\/www.n-able.com\/pt-br#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b\",\"name\":\"N-able\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g\",\"caption\":\"N-able\"}}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SQL Injection Attack Examples - N-able","description":"Read about common examples of SQL injection that can impact your business and see if any SQL injection examples are currently affecting your business.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/pt-br\/blog\/sql-injection-examples","og_locale":"pt_BR","og_type":"article","og_title":"SQL Injection Attack Examples - N-able","og_description":"Read about common examples of SQL injection that can impact your business and see if any SQL injection examples are currently affecting your business.","og_url":"https:\/\/www.n-able.com\/pt-br\/blog\/sql-injection-examples","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2019-09-02T19:04:40+00:00","article_modified_time":"2021-07-09T13:53:05+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg","type":"image\/jpeg"}],"author":"N-able","twitter_card":"summary_large_image","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"Escrito por":"N-able","Est. 
tempo de leitura":"4 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/pt-br\/blog\/sql-injection-examples#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/pt-br\/blog\/sql-injection-examples"},"author":{"name":"N-able","@id":"https:\/\/www.n-able.com\/pt-br#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b"},"headline":"SQL Injection Attack Examples","datePublished":"2019-09-02T20:04:40+01:00","dateModified":"2021-07-09T13:53:05+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/pt-br\/blog\/sql-injection-examples"},"wordCount":769,"publisher":{"@id":"https:\/\/www.n-able.com\/pt-br#organization"},"articleSection":["Security"],"inLanguage":"pt-BR"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/pt-br\/blog\/sql-injection-examples","url":"https:\/\/www.n-able.com\/pt-br\/blog\/sql-injection-examples","name":"SQL Injection Attack Examples - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/pt-br#website"},"datePublished":"2019-09-02T20:04:40+01:00","dateModified":"2021-07-09T13:53:05+00:00","description":"Read about common examples of SQL injection that can impact your business and see if any SQL injection examples are currently affecting your business.","breadcrumb":{"@id":"https:\/\/www.n-able.com\/pt-br\/blog\/sql-injection-examples#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/pt-br\/blog\/sql-injection-examples"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.n-able.com\/pt-br\/blog\/sql-injection-examples#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Security","item":"https:\/\/www.n-able.com\/pt-br\/blog\/category\/security"},{"@type":"ListItem","position":2,"name":"SQL Injection Attack 
Examples"}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/pt-br#website","url":"https:\/\/www.n-able.com\/pt-br","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/pt-br#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/pt-br?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/pt-br#organization","name":"N-able","url":"https:\/\/www.n-able.com\/pt-br","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/www.n-able.com\/pt-br#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/pt-br#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/pt-br#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b","name":"N-able","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","caption":"N-able"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/pt-br\/wp-json\/wp\/v2\/posts\/5528","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n
-able.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n-able.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/pt-br\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/pt-br\/wp-json\/wp\/v2\/comments?post=5528"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/pt-br\/wp-json\/wp\/v2\/posts\/5528\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/pt-br\/wp-json\/wp\/v2\/media?parent=5528"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}