A query can cause a program to fail because of bugs or various other issues. This means that a single query can take down an entire cluster of machines, which is not good for availability and response times, as it takes quite a while for thousands of machines to recover. Hence the name: the Query of Death. New queries are always coming into the system, and when you are always rolling out new software, it’s impossible to completely get rid of the problem.
One challenge at yesterday’s CTF was a seemingly impossible SQL injection worth 300 points. The point of the challenge was to submit a password to a PHP script, which would hash it with MD5 before using it in a query. At first glance, the challenge looked impossible.
SQL is a domain-specific language (a language designed to do one thing and knock the socks off at doing it) that just accesses databases.
Okay, but what is a database? Well, a database is essentially a collection of data. Yeah, I know that doesn’t help much.
To clarify, we’ll play a little mental exercise. Imagine you have a piece of software that tracks purchases of t-shirts for a store that you run. Well, what are you tracking? T-shirts (let’s call them products), the sales that you make, and your customers. Products, customers and sales are each a separate collection of data that you want to store. Products are the t-shirts, and each one has some information tied to that particular shirt, which you want to store separately from the customers, who in turn are separate from the sales. For instance, a product could have a size, SKU, price, etc., while a customer could have a name, a number, the sales they are associated with and possibly whether they owe you money or not. Getting the idea?
So a database is essentially a programmer’s tool for storing all this data in a way that’s relatively fast and easy to build and maintain, and that ensures the data remains accurate.
There are tons of different types of databases; the most common one currently is called a Relational Database (RDBMS). The idea behind this is that there are definable types stored in the database that can relate to other types in the database. So, going back to our example, we would have products, customers and sales as the definable types, and customers and sales would relate like we talked about. An RDBMS has a database that stores tables that contain these definable types (the products, customers, etc.). Each of these tables has entries that contain the information you have provided.
So in our example a product has a SKU, price and size. Each of these little bits of information associated with the definable type (the product in this case) is a column. So each database has tables (the types), which have columns (the information associated with a type). The last piece in the puzzle is the actual data stored in the database. After all, what good is a database if we have no information? The information, or entries, in our table are called the rows.
So here is a sample database entry and what it would look like:
Pretty simple once it’s explained. Next I’ll start going through MySQL in particular and some more relating to the language SQL.
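The products, customers and sales tables described above, as an added example that is not part of the original post: it uses Python's built-in sqlite3 module rather than MySQL, and the column names, sample rows and helper functions are constructed for illustration. Every value is bound with a `?` placeholder, so a name such as Bob O'Neil is stored as data rather than parsed as SQL.

```python
import sqlite3

SCHEMA = """
CREATE TABLE products  (sku TEXT PRIMARY KEY, size TEXT NOT NULL, price_cents INTEGER NOT NULL);
CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT NOT NULL, number TEXT);
CREATE TABLE sales (
    id          INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customers(id),  -- relates a sale to a customer
    sku         TEXT    NOT NULL REFERENCES products(sku),  -- ...and to a product
    quantity    INTEGER NOT NULL CHECK (quantity > 0),
    paid        INTEGER NOT NULL DEFAULT 0
);
"""
JOIN = ("FROM sales s JOIN customers c ON c.id = s.customer_id "
        "JOIN products p ON p.sku = s.sku WHERE c.name = ? ")

def build_store():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite enforces relations only when asked
    db.executescript(SCHEMA)
    # Constructed sample rows; every value is bound with ?, never pasted into the SQL.
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [("TS-RED-M", "M", 1500), ("TS-BLU-L", "L", 1800)])
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                   [(1, "Ann", "555-0100"), (2, "Bob O'Neil", "555-0101")])
    db.executemany("INSERT INTO sales (customer_id, sku, quantity, paid) VALUES (?, ?, ?, ?)",
                   [(1, "TS-RED-M", 2, 1), (2, "TS-BLU-L", 1, 0), (2, "TS-RED-M", 1, 0)])
    db.commit()
    return db

def purchases(db, name):
    """One row per sale, joined across all three tables."""
    return db.execute("SELECT p.sku, p.size, s.quantity, p.price_cents * s.quantity "
                      + JOIN + "ORDER BY p.sku", (name,)).fetchall()

def amount_owed(db, name):
    """Total in cents of this customer's unpaid sales."""
    return db.execute("SELECT COALESCE(SUM(p.price_cents * s.quantity), 0) "
                      + JOIN + "AND s.paid = 0", (name,)).fetchone()[0]

def rejects_unknown_sku(db):
    """A sale must point at a real product row; the foreign key enforces that."""
    try:
        db.execute("INSERT INTO sales (customer_id, sku, quantity) VALUES (1, 'NO-SUCH-SKU', 1)")
    except sqlite3.IntegrityError:
        db.rollback()
        return True
    return False
```

Each tuple returned by `purchases` is one row; its positions correspond to the columns named in the `SELECT`.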