SQL injection is a vulnerability that allows an attacker to influence the queries that are passed to the back-end database. It has been present for as long as databases have been attached to web applications. However, the main credit for bringing SQL injection to public notice goes to Rain Forest Puppy, who wrote an article on it in 1998 and in 2000 wrote another article describing how he hacked one of the popular websites on the internet using SQL injection.
Before looking at how SQL injection attacks work, we need to understand the simple Three Tier Architecture or a Four Tier Architecture. This will cover the basics and give you a rough idea of how database-driven web applications work.
Three Tier Architecture
In a simple three tier database-driven architecture, the three layers used are the Presentation Tier, the Logic Tier and the Storage Tier.
The three tier architecture follows a linear relationship, i.e. the Presentation Tier connects to the Logic Tier and the Logic Tier connects to the Storage Tier.
Suppose you connect to http://www.website.com using your web browser. This is your presentation tier. The web server residing in the logic tier loads the script for the entered URL and passes it to the scripting engine, which parses and executes the script. It also opens a connection to the database, i.e. the Storage Tier, and performs the queries. The data from the database is transferred to the logic tier, which converts it into HTML that is rendered by the browser.
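The request flow described above, written out as an added example (it is not code from the original tutorial): the logic tier reads a request parameter, queries the storage tier and renders HTML. It places a query built by string concatenation beside a parameterized one; the products table, the max_price parameter and all function names are assumptions made for the illustration.

```python
import sqlite3
from html import escape

def storage_tier():
    """Storage tier: in-memory SQLite database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, price REAL, published INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)", [
        ("USB cable", 5, 1), ("Headset", 150, 1),
        ("Monitor", 450, 1), ("Unreleased dock", 90, 0)])
    return db

def query_concatenated(db, max_price):
    # Weak form: the request value becomes part of the SQL text itself,
    # so whoever controls the parameter can change the query's structure.
    sql = ("SELECT name, price FROM products "
           "WHERE published = 1 AND price < " + max_price)
    return db.execute(sql).fetchall()

def query_parameterized(db, max_price):
    # Hardened form: validate the type, then bind the value as data only.
    try:
        limit = float(max_price)
    except ValueError:
        return []  # non-numeric input never reaches the database
    sql = "SELECT name, price FROM products WHERE published = 1 AND price < ?"
    return db.execute(sql, (limit,)).fetchall()

def render(rows):
    # Logic tier turns database rows into HTML for the presentation tier.
    items = "".join(f"<li>{escape(n)}: {p:g}</li>" for n, p in rows)
    return f"<ul>{items}</ul>"

def handle_request(params, query=query_parameterized):
    # Logic tier entry point: open the storage tier, query it, render the result.
    db = storage_tier()
    try:
        return render(query(db, params.get("max_price", "0")))
    finally:
        db.close()

if __name__ == "__main__":
    for value in ("200", "200 OR 1=1"):  # constructed request values
        for q in (query_concatenated, query_parameterized):
            print(value, q.__name__, handle_request({"max_price": value}, q))
```

With the concatenated query, the second constructed value is parsed as SQL and the published filter no longer applies; the parameterized version rejects it before any query runs.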
Four Tier Architecture
In the Four Tier Architecture, a layer of Application Server is inserted between the web server and the database.
In the four tier architecture, the connection to the database is opened by the application server, which has an Application Programming Interface (API) that implements the business logic before transferring the data to the Logic Tier.
Presentation Tier -> Logic Tier -> Application Server -> Storage Tier
Working Of SQL Injection
SQL injection can be carried out using various methods. In this tutorial I will explain the basic concepts behind SQL injection.
Suppose you are on a shopping site and you have selected the option of showing all the accessories that cost less than $200 and its URL is like