SQL Injection

SQL injection, also known as SQLi: report template

Vulnerability Name: SQL Injection on [Parameter] at [Domain name]

Vulnerability Description: SQL injection, also known as SQLi, is a common attack vector in which user-supplied input is placed into a backend SQL query without parameterization or proper escaping, so the attacker can change the query the database actually executes. A successful attack can read or modify data the application never intended to expose, including sensitive company data, user lists or private customer details.

[Don't forget to add your own vulnerability description; the one given above is a general description]

Payload: [SQL payload used to confirm the injection, e.g. one that returns the database name/version or table contents]

Steps to Reproduce:

  1. Go to the [URL].

  2. Intercept the request with Burp Suite and insert the payload above into [parameter].

  3. Forward the modified request and check the response.

  4. The response should contain data from the database (e.g. the database name/version or rows the application never exposes) that a normal request does not return.

  5. This confirms SQL injection.

Proof-of-concept: Snapshots or video link attached

Impact: What an attacker can do with an SQL injection depends mainly on the database engine and on the privileges of the account the web application uses to connect to the database server. By exploiting an SQL injection vulnerability, an attacker can:

  • Read, add, edit or delete content in the database, including authentication bypass if login queries are affected

  • Read files from the database server's filesystem (e.g. application source code or configuration) where the database account has file-read privileges

  • Write files to the database server where the database account has file-write privileges, which can be a path to code execution

The actual impact must be stated for this target: note which of the above were demonstrated and with which database privileges.

Attack Scenario: [Create your own attack scenario according to the website's workflow]

Remediation:

  1. Use parameterized queries (prepared statements) for every query that includes user input. This is the primary fix: the input is bound as data and can never change the query structure.

  2. Apply strict input validation (allow-lists, type and length checks) as defense in depth. Validation alone does not reliably prevent SQL injection, so it does not replace item 1.

  3. Connect to the database with a least-privilege account (no file-read/write privileges, no write access where the application only reads) to limit the impact if an injection is missed.

  4. If possible, deploy a WAF as an additional layer. A WAF reduces exposure but must not be treated as the fix.
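The following script is an added example and not part of this template; it illustrates both the "Steps to Reproduce" section (what it looks like when a response returns database rows it should not) and remediation item 1. It assumes a hypothetical sqlite3-backed login and uses constructed sample data. The same two payloads bypass authentication and dump the users table against the concatenated query, and are treated as plain string values by the parameterized query.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows (not real data).
    Plaintext passwords are used only to keep the example short."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: user input is formatted straight into the SQL text,
    so quotes in the input change the query the database executes."""
    query = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchall()


def login_fixed(conn, username, password):
    """Fixed: the query text is constant and the input is bound as parameters,
    so the database treats it as literal values, never as SQL."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


# Payload 1: closes the string literal and appends an always-true condition.
PAYLOAD_BYPASS = "' OR '1'='1"

# Payload 2: closes the literal, UNIONs in another table's columns, and
# comments out the rest of the original query.
PAYLOAD_UNION = "' UNION SELECT username, password FROM users--"


def demo():
    """Run both payloads against both implementations and return the results."""
    conn = make_db()
    return {
        "vulnerable_bypass": login_vulnerable(conn, "x", PAYLOAD_BYPASS),
        "fixed_bypass": login_fixed(conn, "x", PAYLOAD_BYPASS),
        "vulnerable_union": sorted(login_vulnerable(conn, PAYLOAD_UNION, "x")),
        "fixed_union": login_fixed(conn, PAYLOAD_UNION, "x"),
        "fixed_legit": login_fixed(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

When reporting, the "vulnerable_union" style of result (credential rows returned by a login endpoint) is the kind of evidence to capture in the proof-of-concept; the "fixed" results show what the endpoint should return after remediation.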