Tautology based Advanced SQL Injection Technique A Peril to Web Application

Citation:
Kritarth Jhala and Shukla Umang Dipakkumar. "Tautology based Advanced SQL Injection Technique A Peril to Web Application." International Journal for Innovative Research in Science & Technology. (2017): 32-36.

Abstract:
In the online era, SQL injection is the topmost security breach in web application software. It lets attackers gain unrestricted access to the heart of any web application, the backend databases that underlie the application, and to the potentially sensitive information these databases contain. Although researchers and pentesters have proposed a variety of methods to address the SQL injection problem, current approaches either fail to handle the full scope of the problem or have limitations that prohibit their use and adoption. Many researchers and practitioners are familiar with only a subset of the wide range of techniques available to attackers who are trying to take advantage of SQL injection vulnerabilities. SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. The first public discussions of SQL injection started appearing around 1998. It is a very common and dangerous vulnerability in web applications, and there are many techniques to exploit it. This paper focuses on advanced authentication bypass using tautology-based injection (e.g. ' OR '1' = '1), with some other manipulations to gain access to different user accounts.

Keywords:
Advanced SQL injection techniques, data breaches, Web Application vulnerability, Bypassing authentication, identifying injectable parameters, extracting data