SQL Injection
SQL Injection (SQLi) relies on attacking the database that sits behind a website and occurs when applications build queries through string concatenation instead of using parameterized queries, allowing attackers to alter the intended SQL command and access or manipulate data. In 2023, an SQLi vulnerability in MOVEit, a file-transfer software, was exploited, affecting over 2,700 organizations, including U.S. government agencies, the BBC, and British Airways.
LOG ENTRIES
198.51.100.22 - - [03/Oct/2025:09:03:11 +0100] "POST /login.php HTTP/1.1" 200 642 "-" "python-requests/2.31.0" "username=alice%27+OR+1%3D1+--+-&password=test"
The PHP code stores the user and password inputs as strings, which can be used to inject SQL if the inputs are manipulated.
The variables $user and $pass are set using ??, which treats them as if they are strings. If the user's input is a number (e.g., 123), it can be converted to a string, which can then be used in an SQL query like SELECT * FROM users WHERE username = ?. This is a classic example of SQL injection.
3. Best practices for preventing similar issues:
- Use prepared statements or parameterized queries to prevent SQL injection.
- Sanitize all user inputs (e.g., using filter_input or htmlspecialchars) before storing them.
- Avoid using ?? and instead use isset() or empty() to check for values.
4. Tools and techniques for code security testing:
- Use OWASP ZAP or SonarQube to detect SQL injection vulnerabilities.
- Implement input validation and output encoding to prevent XSS or other attacks.
1. Analysis of the Logs
2.1. Log Entry Details
- IP Address: 198.51.100.22 - the user's IP address.
- Time and Date: 2025 October 3rd at 09:03.
- URL: "/login.php" - a vulnerable web application endpoint.
- Username: "alice" - a user attempting to log in.
- SQL Injection: The POST body "username=alice%27+OR+1%3D1+--+-&password=test" decodes to a username of alice' OR 1=1 -- -, indicating an SQL injection attempt.
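The following is an added example (not code from the original page) that ties the log analysis above to the concatenation-versus-parameterized-query point made earlier: it decodes the POST body from a constructed copy of the log entry, flags the injected field, and then runs the decoded values through a string-concatenated login query and a parameterized one against an in-memory SQLite table. The log format, the regular expressions and the demo table are assumptions for illustration.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Constructed copy of the log entry discussed on the page.
LOG_LINE = ('198.51.100.22 - - [03/Oct/2025:09:03:11 +0100] "POST /login.php HTTP/1.1" 200 642 '
            '"-" "python-requests/2.31.0" "username=alice%27+OR+1%3D1+--+-&password=test"')

# Assumed log format: the trailing quoted field carries the POST body.
BODY_RE = re.compile(r'"([^"]*)"\s*$')

def decode_post_body(line: str) -> dict:
    """Return the URL-decoded form fields from the last quoted field of the log line."""
    m = BODY_RE.search(line)
    if not m:
        return {}
    return {k: v[0] for k, v in parse_qs(m.group(1), keep_blank_values=True).items()}

# Indicators of a tautology or comment-terminated payload such as  ' OR 1=1 -- -
SQLI_RE = re.compile(r"'\s*(or|and)\s+\S+\s*=\s*\S+|--\s|/\*", re.IGNORECASE)

def flag_sqli(fields: dict) -> list:
    """Return the names of form fields whose decoded value looks like an injection attempt."""
    return [name for name, value in fields.items() if SQLI_RE.search(value)]

def _demo_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")  # constructed demo table, two accounts
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", [("alice", "s3cret"), ("bob", "hunter2")])
    return con

def login_concat(con, user, pw) -> int:
    """Vulnerable: query built by string concatenation (the pattern the page warns about)."""
    sql = f"SELECT * FROM users WHERE username = '{user}' AND password = '{pw}'"
    return len(con.execute(sql).fetchall())  # the payload comments out the password check

def login_param(con, user, pw) -> int:
    """Safe: the same query with bound parameters; the payload is just a literal username."""
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return len(con.execute(sql, (user, pw)).fetchall())

def analyse(line: str = LOG_LINE) -> dict:
    """Decode the request, flag suspicious fields, and compare both query styles."""
    fields = decode_post_body(line)
    con = _demo_db()
    user, pw = fields.get("username", ""), fields.get("password", "")
    return {"username": user, "flagged": flag_sqli(fields),
            "rows_concat": login_concat(con, user, pw), "rows_param": login_param(con, user, pw)}

if __name__ == "__main__":
    print(analyse())
```

The concatenated query matches every account because the decoded username turns the WHERE clause into `username = 'alice' OR 1=1` with the rest commented out, while the parameterized query matches none.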