SQL Injection is a critical security vulnerability that allows attackers to interfere with the queries an application makes to its database. This can lead to unauthorized access to sensitive data, data manipulation, and even complete system compromise. Understanding how SQL Injection works and how to demonstrate it can be crucial for system administrators, developers, and security professionals to safeguard their systems.

In this article, we will explore how to set up a SQL Injection demo in a Linux environment. We will use common Linux tools and open-source software to create an environment where SQL Injection can be demonstrated safely. This will help you understand the mechanics of SQL Injection and the importance of securing your applications against such attacks.

Examples:

1. Setting Up the Environment:

First, we need to set up a web server with a vulnerable web application. We will use Apache, MySQL, and PHP (commonly referred to as the LAMP stack) along with a deliberately vulnerable web application called DVWA (Damn Vulnerable Web Application).

   sudo apt update

   sudo apt install apache2 mysql-server php php-mysql libapache2-mod-php

After installing the necessary packages, download and set up DVWA:

   cd /var/www/html

   sudo git clone https://github.com/digininja/DVWA.git

   sudo chown -R www-data:www-data DVWA

   sudo chmod -R 755 DVWA

Configure the MySQL database for DVWA:

   sudo mysql -u root -p

   CREATE DATABASE dvwa;

   CREATE USER 'dvwauser'@'localhost' IDENTIFIED BY 'password';

   GRANT ALL PRIVILEGES ON dvwa.* TO 'dvwauser'@'localhost';

   FLUSH PRIVILEGES;

   EXIT;

Edit the DVWA configuration file:

   sudo nano /var/www/html/DVWA/config/config.inc.php

Update the database settings in the configuration file:

   $_DVWA = array();

   $_DVWA[ 'db_server' ] = 'localhost';

   $_DVWA[ 'db_database' ] = 'dvwa';

   $_DVWA[ 'db_user' ] = 'dvwauser';

   $_DVWA[ 'db_password' ] = 'password';

Restart Apache to apply the changes:

   sudo systemctl restart apache2

2. Demonstrating SQL Injection:

Access the DVWA web application by navigating to http://your_server_ip/DVWA in your web browser. Log in using the default credentials (admin / password).

Set the security level to "Low" to make it easier to demonstrate SQL Injection.

Navigate to the "SQL Injection" section of DVWA. Here, you will find a form that allows you to enter a user ID to retrieve information from the database.

Entering a simple SQL Injection payload like ' OR '1'='1 in the input field and submitting the form will demonstrate a basic SQL Injection attack. This payload manipulates the SQL query to always return true, thus bypassing authentication or revealing additional data.

   ' OR '1'='1

The result should show all user information from the database, demonstrating the vulnerability.

3. Mitigating SQL Injection:

To prevent SQL Injection, always use parameterized queries or prepared statements. Here’s an example of how to modify the vulnerable code to use prepared statements in PHP:

   $stmt = $mysqli->prepare("SELECT first_name, last_name FROM users WHERE user_id = ?");

   $stmt->bind_param("i", $user_id);

   $stmt->execute();

   $stmt->bind_result($first_name, $last_name);

   $stmt->fetch();

This approach ensures that user input is treated as data and not executable code, thus mitigating the risk of SQL Injection.