How to confirm SQL injection

Is there any way to confi开发者_开发问答rm that a particular breach of security was done through SQL injection?

There is no easy way here, but if you have the enabled the SQL server you use to log every single sql statement, here is what I would do.

Normally, when I SQL inject somewhere, i use one of these as my always true statement for passing throgh the Where clause, after ending the former string.

1=1 
0=0

both being used as :

blahblahblah' or 1=1 --

You would not use this clauses in everyday code. So if you spot one of these in your history, well, it is a high candidate. Test the sql history to find :

(space)(number)(optional spaces)(equal)(optional spaces)(same number)(space)

Keep in mind that is heuristical, and will not always work, but could be the only way to give a hint after it had happened . Also, if you are in doubt about SQL injection, you should check the code for string concatenation and use of parameters.

after the attack has already happened? no. there isn't. you'll have to check all your sql serevr access point for potential risk. tere are some tools you can use. Check here under SQL Injection tools section.

SQL injection can happen any time you pass a query back to the database.

SQL Injection

Use mod_security to log POST requests and install an Intrusion Detection System to log/stop suspicious activity from now on. Logging every SQL request is an overhead if you are just looking for the breach points.

There are open source alternatives for IDS these days. I use PHPIDS for all my PHP applications.

Only one reliable way is probably analysing the SQL log files. Those should be done by a DBA who can spot things quickly as the size of logs would be huge.

It is better to prevent those.

There are some tools for that but the best one is the brain of the developer.

Stick with one simple rule - always use parameters when generating SQL query.
Just do the code review and if you find string cocatenations - that is first and highly possible place for SQL Injection.

You can log all http requests and check the requested pages for GET/POST sql injection tryouts.