In-Band SQL Injection
In-band SQL injection, also called classic SQL injection, occurs when attackers use the same communication channel to launch attacks and retrieve results. This category includes error-based and union-based techniques. Error-based injection exploits verbose error messages that reveal database structure:
```python
# Vulnerable code that exposes errors (deliberately unsafe: the page's example).
# The cursor is assumed to be an open DB-API cursor on a SQL Server connection.
def get_user(cursor, user_id):
    try:
        # user_id is interpolated straight into the SQL text, so any SQL it
        # contains becomes part of the statement
        query = f"SELECT * FROM users WHERE id = {user_id}"
        cursor.execute(query)
        return cursor.fetchone()
    except Exception as e:
        return f"Database error: {str(e)}"  # Exposes internal structure

# Attacker input (numeric context, so no closing quote is needed to break out):
#   1 AND 1=CONVERT(int, (SELECT @@version))--
# SQL Server error reveals: Conversion failed when converting the nvarchar value
# 'Microsoft SQL Server 2019...' to data type int.
```
Union-based injection appends a second SELECT whose rows are returned in the same response as the legitimate results. The injected SELECT must return the same number of columns as the original (with types the database will accept in each position), which is why attackers first probe the column count, often using the very error messages described above:
```java
// Vulnerable Java code (deliberately unsafe: the page's example)
String getProductQuery(HttpServletRequest request) {
    String productId = request.getParameter("id"); // untrusted input, used unvalidated
    String query = "SELECT name, description, price FROM products WHERE id = " + productId;
    return query; // later passed to Statement.executeQuery()
}
// Attacker input: 1 UNION SELECT username, password, email FROM users--
// The injected SELECT matches the original's three columns, so the database
// returns product data combined with user credentials
```
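To see both in-band techniques end to end, here is an added example (not code from the original page) that runs the product lookup above against a constructed in-memory SQLite database. The table names, sample rows and the `get_product_vulnerable` / `get_product_safe` functions are assumptions for illustration. It shows the verbose error an attacker uses to learn the column count, the union payload pulling user rows back in the same response as the product, and the parameterized form that defeats both.

```python
import sqlite3

# Constructed demo database (assumption: plaintext secrets stored purely so the
# leak is visible; real systems must hash passwords).
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE products (id INTEGER, name TEXT, description TEXT, price REAL);
        CREATE TABLE users (id INTEGER, username TEXT, password TEXT, email TEXT);
        INSERT INTO products VALUES (1, 'Widget', 'A small widget', 9.99);
        INSERT INTO products VALUES (2, 'Gadget', 'A larger gadget', 19.99);
        INSERT INTO users VALUES (1, 'alice', 's3cret', 'alice@example.com');
        INSERT INTO users VALUES (2, 'bob', 'hunter2', 'bob@example.com');
        """
    )
    return conn


def get_product_vulnerable(conn, product_id):
    """Mirrors the page's Java snippet: string concatenation, and the raw
    database error text is handed back to the caller (in-band channel)."""
    query = "SELECT name, description, price FROM products WHERE id = " + product_id
    try:
        return conn.execute(query).fetchall()
    except sqlite3.Error as e:
        return f"Database error: {e}"


def get_product_safe(conn, product_id):
    """Hardened form: the value is validated as an integer and bound as a
    parameter, so it is never parsed as SQL. Errors are not echoed back."""
    try:
        pid = int(product_id)
    except ValueError:
        return []
    return conn.execute(
        "SELECT name, description, price FROM products WHERE id = ?", (pid,)
    ).fetchall()


# Step 1 (error-based probing): a UNION with the wrong column count makes the
# database complain, and the echoed error tells the attacker the counts differ.
PROBE = "1 UNION SELECT 1, 2"

# Step 2 (union-based extraction): three columns match the original SELECT, so
# user credentials come back alongside the legitimate product row.
UNION_PAYLOAD = "1 UNION SELECT username, password, email FROM users--"


if __name__ == "__main__":
    conn = build_db()
    print("probe      :", get_product_vulnerable(conn, PROBE))
    print("vulnerable :", get_product_vulnerable(conn, UNION_PAYLOAD))
    print("safe       :", get_product_safe(conn, UNION_PAYLOAD))
```

Run it and the vulnerable path returns the Widget row together with both user rows; the probe returns SQLite's "SELECTs to the left and right of UNION do not have the same number of result columns" message, which is exactly the feedback loop error-based injection relies on. The safe path rejects the payload outright and still serves a normal `"1"` lookup, because binding the parameter leaves the query structure fixed regardless of input.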