How to Use the SQL OR Operator to Combine Multiple WHERE Conditions

Series 3:

When you’re knee-deep in project data, whether it’s managing equipment logs, tracking material deliveries, or filtering records from a construction database, the last thing you need is a rigid query slowing you down. As engineers, we often need flexible ways to pull the right data without digging through endless rows manually. That’s where knowing how to properly use the SQL OR operator becomes a real time-saver. It allows you to combine multiple WHERE conditions and retrieve exactly what you need, even when your criteria aren’t neatly aligned. In this quick guide, I’ll walk you through how to use the OR operator effectively so you can write smarter queries, reduce noise, and get back to solving real engineering problems instead of fighting your database.

Let’s take a look at what happens when certain conditions aren’t met, or when specific results simply get ignored. That brings us to OR. What is the OR operator? It means that either of the inputs should be true. So if I am using this website, either the username or the password should be correct. To simulate this, let me go to my database. Say I enter select star from user where username is equal to hmon, which is correct because that username is there, or password is equal to something random. This query should tell us whether this username is correct or not. Let’s hit enter. It complains about password in the WHERE clause: the column name is not password, it is pass. With that fixed, you can see it still returns the username and password, saying that these exist. Why? Because I have used the OR operator. But this is not the output that I want when I am trying to log in. When I log in, I want to check whether the username and the password are both correct. So, taking the same statement again, if I change this OR to AND, it does not give me any output. I get an empty set, which means there is no user with the username hmon and this password. The user does not exist, and hence I get a login failed on my website. This is the difference between OR and AND. With OR, either of the inputs has to be present in the database; with AND, both inputs have to be present correctly in the database. Only then does it give us a successful message.

The Significance of “1 = 1” in SQL Queries

What is 1 is equal to 1? It is a statement which is always true. What does that mean? Say I write where username is equal to hmon and 1 equal to 1. This statement is always going to be true when the username is hmon, because the second condition, 1 equal to 1, is always true. So this syntax simply means that the condition is true, and you can use it anywhere: while you are working with an SQL query or when you want to execute a statement. Let’s try it out and see how it behaves in an SQL query.

Coming back to my MySQL shell, let me first show you all the records which I have in the table. Now say I type in select star from user where username is equal to hmon and 1 is equal to 1. What do you think the output will be? Let’s analyze. We learned that when we use AND, both of the inputs should be true. Do we have username equal to hmon in the user table? Yes, we do, so the first condition is true. According to what we have learned, the second condition is always true. If you execute this, you get the username hmon and the password hmon123. Then, if we type in a query like select star from user where username equal to hmon and password is equal to a wrong password like 12345, it does not return anything.

Now let’s edit this query and apply the syntax that we have just learned. First, let’s comment out the part which we don’t need, which is the pass part. The username part is correct, but the latter part is wrong, and because of this the SQL query is not running. So let’s comment this part out by adding hyphen hyphen space. This part is now commented. Now we enter 1 equal to 1 before the comment and give a semicolon. Let’s see what output we get. As you can see, you were able to bypass what you just wrote. You commented out whatever came later and added 1 equal to 1 before that comment, so the query executes only up to that point and whatever came after it is commented out by the hyphens. This is the basics of an SQL injection. If you understand this, it will be very easy for you to follow what I will be telling you later.

How to Perform and Prevent SQL Injection in Web Applications

What we know of this website right now is that if I enter the correct username and a wrong password and click on sign in, I get login failed. I want to change this so that I get login success instead. Let’s see how this feature can be bypassed. As we know, the statement the website is running in the background is select star from user where username is this and password is this. This is how most login pages basically work. To achieve an SQL injection, I have to try to change that SQL query from the user interface so that I can bypass into the system. How can we do that? By using the syntax that we learned earlier. Let me first show you how it is done, and then I will explain what happened.

Whatever string I enter here will have an apostrophe, or inverted comma, placed before it by the query. So I first close the inverted commas, then type in OR, then type in the condition which is always going to be true, which is 1 equal to 1, and then I close the statement. After this, whatever is left I comment out by typing in hyphen and then space. This is the argument that I am going to pass. Now click on sign in. It says this field is required, so I fill in this field. Click on sign in again, and as you can see it says login success.

How did this happen? Let me show you. The query that we have in the code is select star from user where username is equal to hmon and pass is equal to some password. This is the query which executes in the background. What I have done is replace hmon with a string which goes like this: first an inverted comma, then a space, then OR 1 is equal to 1, semicolon, space, the comment sign, and then space. The original query has now changed to this new query, and the rest of it is commented out. If you execute this query, what will you get? You will get all the usernames and all the passwords. Let me hit enter. You can see I have got all the usernames and all the passwords. Because this is not an empty set, the website tells me that the login is successful. This is a very simple and dangerous SQL injection, because not only have you got access to the website and spoofed it, but if you are able to get this result set out through some method, you will have all the usernames and all the passwords that are in the database of this website. This is how you do SQL injection.

Quiz on Network Attacks and SQL Injection Risks

Now that we know, let’s have a quick quiz question. The question is: a DoS with 20 to 40 Gbps is enough for totally shutting down the majority of network infrastructure. Is this statement false, true, both one and two, or can’t say? Think it through and mention which option you think is the right one in the comment section below, with a one- or two-line explanation as well.

Why Preventing SQL Injection is Crucial for Everyone

The injection is done. Let’s now understand whether it is really important to prevent SQL injection. You might be thinking that not a lot of people know what I have just shown you, and that is actually true. Not a lot of people know how to hack websites or what the purpose of hacking your website would be. Perhaps it only happens to big companies like Sony, LinkedIn, or Twitter, so why should you be worried about it? That is a valid point. But imagine that you are running a startup. The need may not be there right now, but we are moving towards a more technological world, a world which is more online, where more and more people are gaining the skills to work online and use the internet. If somebody then targets your website, it is going to be a huge loss to your business, because the users of your website will not trust it anymore. So, to sum up, is it important to prevent SQL injections? The point is that, yes, the prevalence is going to be very low.

Importance of SQL Injection Awareness and Prevention

The attack might be happening to your website or it might not be. The chances of it happening are very low, because there are very few individuals in the world who can do SQL injections right and who would want to target a very small company that you have just started. But does this mean that you should ignore it? Well, no, because exploitation here is very easy. As we go forward, more and more people will become aware of this concept and this technology, and even somebody just playing around with your website can cause you a huge business loss. That is why the impact is going to be devastating. So it is very important to prevent SQL injections, whether yours is a very small company, a medium-sized company or a large company.

You should learn all the best practices for development. You should include people in the team who are cyber security experts. You should have test cases in your development team which is going to help you understand if your code is safe or not because it does not matter if your code is just working. Your code has to be safe as well. This is why the demand for ethical hackers, the demand for security specialists is increasing day by day because companies have started to recognize that this is a threat. This is something that needs to be addressed.

So, with that said, how do you prevent SQL injections? You may agree that it is very important to prevent them, but how should you advise a company so that it can prevent SQL injections? Let’s understand that. The first thing is that you should use the principle of least privilege. This website only needs to insert or select data in the database, so it should connect with a username which has the least privileges allotted to it, so that it can only do what it is supposed to do.

Secure Coding Practices to Prevent SQL Vulnerabilities

We just saw that if we use this website, we are able to list all the usernames and all the passwords which are there in the table. That should not be a permission allowed to the user assigned inside your code. For example, if you look at the code, the username that we have given over here is root and that is absolutely wrong. You should never use root or an admin user in your code. It is very important to have a username which has the least privileges. The privileges which will only help you get the work done should be assigned to your code.

All the passwords and all the usernames, if they can be hashed in some way, then this attack can be avoided. Because right now we relied on the fact that whatever is being entered is not encrypted and is plainly being passed to SQL. But what if we put in a system which can encrypt all the user inputs and that encryption is passed to SQL as an argument? In that case, what is going to happen is you will not be able to run any SQL query. So that is a preventive measure that you can take.

You can always employ third-party authentication. A lot of websites now have options like login with Facebook or login with Google. These big companies have gone through a lot of work. They have been through many situations and have many people working on the security aspect of their websites. As the owner or manager of a tech team, you can rest assured that applying your own methods to create a model that cannot be spoofed may not help you, because Facebook and Twitter have a lot of people who test applications before they go live.

How to Prevent SQL Injection Attacks and Use Ethical Hacking Tools Safely

They test applications with different scenarios, and their applications are more mature. So it is always a good idea to rely on them, because otherwise your focus would only be on security while your stakeholders want more features in your application. If you have to balance both, why not use things which are already available? Use third-party authentication tools which are already available. These are some of the methods that you can use to prevent SQL injections.

There are more ways as well. You can follow the best practices of coding. For example, instead of concatenating the arguments like we did in the code, you can also pass them as arguments. That is a topic for a separate discussion altogether. But if you follow all these three points, they should be enough to prevent a SQL injection.
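
Passing the inputs as arguments instead of concatenating them looks like the following. This is an added example, not the code of the website shown in the walkthrough: it uses Python with an in-memory SQLite database in place of the MySQL one, the function names are hypothetical, the second account is constructed, and the hardened variant also stores a salted hash rather than the password.

```python
import hashlib
import hmac
import os
import sqlite3

# Table and column names (user, username, pass) and the hmon/hmon123 account
# follow the walkthrough; the second account is constructed for the example.
ACCOUNTS = [("hmon", "hmon123"), ("alice", "s3cret!")]
PAYLOAD = "' OR 1=1; -- "  # the username input described in the walkthrough


def hash_password(password, salt):
    """Salted PBKDF2-HMAC-SHA256 so the table never holds the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db():
    """Assumption: in-memory SQLite stands in for the MySQL database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (username TEXT PRIMARY KEY, pass TEXT)")
    db.executemany("INSERT INTO user VALUES (?, ?)", ACCOUNTS)
    db.execute("CREATE TABLE user_hashed "
               "(username TEXT PRIMARY KEY, salt BLOB, pass_hash BLOB)")
    for name, password in ACCOUNTS:
        salt = os.urandom(16)
        db.execute("INSERT INTO user_hashed VALUES (?, ?, ?)",
                   (name, salt, hash_password(password, salt)))
    return db


def login_concatenated(db, username, password):
    """Vulnerable 'before': input is pasted into the SQL text, and any
    non-empty result set counts as a successful login."""
    sql = ("SELECT * FROM user WHERE username = '" + username +
           "' AND pass = '" + password + "'")
    rows = db.execute(sql).fetchall()
    return len(rows) > 0, rows


def login_parameterized(db, username, password):
    """Hardened 'after': the ? placeholder binds the input as a value, so
    quotes, OR and -- inside it are never parsed as SQL."""
    row = db.execute(
        "SELECT salt, pass_hash FROM user_hashed WHERE username = ?",
        (username,),
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the stored hash with the recomputed one.
    return hmac.compare_digest(stored, hash_password(password, salt))


if __name__ == "__main__":
    db = make_db()
    for user, pw in [("hmon", "hmon123"), ("hmon", "12345"), (PAYLOAD, "x")]:
        ok, rows = login_concatenated(db, user, pw)
        print(f"{user!r:18} concatenated={ok} rows={len(rows)} "
              f"parameterized={login_parameterized(db, user, pw)}")
```

With the concatenated query the constructed input returns every row and the login succeeds; with the bound parameter the same input is just a username that does not exist.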

Creating a Trojan with NJRAT. There are many ways you can create a Trojan, but what we are going to do today is create a remote access Trojan with the help of a tool called NJRAT.

Using NJRAT to Demonstrate Ethical Hacking Tools

This is one of the most common hacks possible today if security is not implemented in the target system. A remote access Trojan gives you remote access to the target’s computer or host system or network. NJRAT, also known as Bladabindi, is a remote access tool which allows the holder of the program to control the end user’s computer or the target’s computer. How does it work? It is a convenient application which helps you create your own RAT which connects back to your remote IP.

When you are creating this particular RAT, this Trojan, it will ask you what your own IP is. You enter your IP, and once that is done, you can start creating the Trojan. It will be created and a file will be generated. You can send that file to your victim’s computer and if the victim runs the file even once, then you have access to the victim’s PC.

You have access to the victim’s file system. You have access to the victim’s command line terminal. You can remotely operate their computer if needed. One of the most concerning things is you have access to the victim’s webcam if it exists on the victim’s computer. You can get the passwords cached in the victim’s computer. You can open chats on the victim’s computer. You can see the amount of damage that can be caused with this particular tool if it runs on the victim’s computer.

Understanding the Implications of Remote Access Trojans

It is usually detected by antivirus software. But if you are intelligent in your implementation, you can get access to the victim system. It is strongly recommended not to try this on anyone you do not have permission from. This is extremely illegal. But it is a common practice in ethical hacking jobs where it is your task to find out how vulnerable your system is to these RATs.

You create a RAT and see if you are able to do anything with it and if it is detectable by the target system. NJRAT is a convenient application that helps you create your own RAT, and once the Trojan is launched, it connects the target system to the attacker system without the target’s knowledge. You simply click on the executable. Nothing will happen visibly, and you will move on, but a process has started which has connected your system to the attacker’s computer.

The attacker can now see everything. There is a very convenient drop-down menu on the attacker’s end where all of that information is accessible. The drop-down menu has all those options. Let us implement this in real life by using virtual machines.

Practical Demonstration of RAT Creation and Deployment

Let us implement a RAT in real life in practice. We are going to be using NJRAT. This tool is used to create remote access Trojans. It creates a Trojan file. Once installed on the target system, it gives you access to that system’s processes, services and file system. It is a very invasive RAT.

Let us begin with it. The port by default is 5552. Click on start. Once started, there are no lists available because no system has been accessed yet. First, we will create a RAT. Click on builder. In the builder, type in the host. In this case, the host is our Windows 10 system. So it is 10.10.10.

This is where the RAT will report back to. Then click on copy to startup. Then click on build. Once you click on build, a browser window will open so you can choose where to save your file. In this case, store it in the C tools directory. This is the shared directory across all folders. Name the file test.exe and click on save.

Remote Access Tools and Options

Check our status and we can see that we’ve hacked the Windows Server 2016 computer. So I can expand this and elaborate on this. If I simply open that up by right-clicking on it, we can get a whole bunch of options. The first thing that we get is the file manager. If I open that, it takes some time but we can browse through all of the files that are present on the target system. We can go to the process manager. This will tell us all of the processes that are running on the target system. It takes a bit of time to load and as we can clearly see, we can see all of the processes that are running on the Server 2016 computer. We can see the connections. Depending on the network speed that you have, it may take a little bit of time. So we can see all of the port and IP details.

We can look at the registry of the target system which is very important if you’re hacking a system and you can also access the remote shell of the target system. There are other options—very invasive options—available to you. You can also run a file. This could be from your own desk. This could be a script. Or you could simply access the computer’s remote desktop. You can access the webcam of that computer. You can get the passwords. You can even enable and access the keylogger, which will basically tell you whatever the target user is typing onto his keyboard. You can open up a chat to send messages to the target system. So as you can see, there are a lot of other options as well that you can implement with this invasive remote access provision.

Understanding the CIA Triad in Cybersecurity

Let’s talk about the principles of security also known as the CIA triad. The C in CIA stands for confidentiality. Confidentiality ensures that the necessary level of secrecy is enforced at each junction of data processing and prevents unauthorized disclosure. It refers to an organization’s efforts to keep their data private or secret. In practice, it’s about controlling access to data to prevent unauthorized disclosure. Typically, this involves ensuring that only those who are authorized have access to specific assets and that those who are unauthorized are actively prevented from obtaining access.

Then the I in CIA stands for integrity. Integrity is upheld when the assurance of the accuracy and reliability of information and systems is provided and any unauthorized modification is prevented. This means that integrity refers to the quality of something being whole or complete. In cybersecurity, integrity is about ensuring that data has not been tampered with and therefore can be trusted. It is complete, authentic, and reliable. So that is what integrity means. Then the A in CIA stands for availability. Availability protection ensures the reliability and timely access to data and resources to authorized individuals. Quite simply, availability means that networks, systems, and applications are up and running. It also ensures that authorized users have timely, reliable access to resources when they are needed.

Security Controls Overview

Now let’s talk about the types of security controls. There are three types of controls with different practices that come under each of them. The first one is administrative controls. This refers to the policies, procedures, or guidelines that define personnel or business practices in accordance with the organization’s security goals. Security documentation, risk management, personnel security, training, and culture are the practices that come under administrative controls.

The second one is technical or logical controls. This includes the hardware or software mechanisms used to protect assets in an organization. Firewalls, IDS or intrusion detection systems, encryption, authentication, and input validation are the practices that come under technical or logical controls. Then the third one is physical controls. This refers to anything tangible that is used to prevent or detect unauthorized access to physical areas, systems, or assets in an organization. Security guards, logs, fencing, lighting, and CCTV are tangible security measures which come under physical controls.

CIA Triad and Cybersecurity Best Practices for Hacking and Remote Access

Now let’s discuss the security controls that enforce the principles of security or the CIA. The CIA, also known as the CIA triad, includes confidentiality, integrity, and availability. Confidentiality ensures that the necessary level of secrecy of data is enforced. Data encryption at rest, data encryption in transit, and access control are the controls employed for ensuring the confidentiality of the data.

Then there’s integrity. Integrity refers to the assurance that the accuracy and reliability of information is maintained and unauthorized modification is prevented. The first control used to ensure the integrity of data is hashing. Hashing is a practice where an algorithm maps data of any size to a hash value of fixed length. This can be used to check that the data has not been altered, and as an authenticity check for the data. Then there are configuration management, change control, and CRC functions. CRC stands for cyclic redundancy check, an error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data.

Security Controls for Availability

Then there is availability. Availability ensures reliability and timely access to data and resources to authorized individuals. Clusters, load balancing, and RAID (which stands for redundant array of independent disks, a way of storing the same data in different places on multiple hard disks or solid-state drives to protect data in the case of a drive failure), then backups, collocation etc. are the practices that come under availability to ensure the smooth availability of all the systems. So these controls work together to provide a healthy, safe, and productive environment.

Introduction to Security Frameworks

Now let’s talk about the security framework. So framework refers to the basic structure underlying any system. So a security framework when done properly will allow an organization to more intelligently manage their information security risks. So the framework is actually a compilation of the policies and practices that are used to ensure the security of critical infrastructure. A security program is a framework. Organizations are free to plug in different types of technologies, methods, and procedures to accomplish the necessary protection level for their environment. So a framework can include different programs, different methods, different technologies whichever are necessary for the security scenario that the organization requires.

Now let’s talk about ITIL which stands for Information Technology Infrastructure Library. ITIL is the de facto standard of best practices for IT service management. The ITIL is actually a framework designed to standardize the selection, planning, delivery, maintenance, and overall life cycle of IT services within a business. So the ITIL was created because of the increased dependence on information technology to meet business needs.

What is Security Governance?

Now let’s see what security governance is. So security governance is actually the set of responsibilities and practices exercised by executives with the goal of providing strategic direction, ensuring that objectives are achieved, asserting that risks are managed appropriately, and verifying that the enterprise’s resources are used responsibly. So basically security governance is the means by which you control and direct your organization’s approach to security. So when done well, security governance will effectively coordinate the security activities of your organization. Security governance always flows from top to bottom and it should always cut across all the business verticals so that it is functioning properly.

Cybersecurity Risk Management and Governance Frameworks

Now let’s talk about what is third-party security governance. Third-party governance is the system of oversight that may be mandated by law, regulation, industry standards, contractual obligation, or licensing requirements. This generally involves an outside investigator or auditor designated by a governing body or the consultants hired by the target organization. Another aspect of third-party governance is the application of security oversight on third parties that your organization relies on. So these parties need to stay in compliance with the primary organization’s security standards otherwise they present additional risks and vulnerabilities to the primary organization.

Let’s discuss standards, baselines, guidelines, and procedures. First of all, standards. Standards define compulsory requirements for the use of hardware, software, technology, and security controls. They are documents that say how these methods should be accomplished so that the goals required for security principles can be achieved. So standards are mandatory courses of action or rules that must be followed for certain security practices to be completed. Then there are baselines. A baseline is a minimum level of security that every system throughout the organization must meet. It is like a threshold that every system has to meet. The baseline establishes a common secure state on which all additional security measures can be built. Then there are guidelines. Guidelines are recommendations on how standards and baselines are implemented. They say how the above-mentioned standards and baselines have to be put in place. Guidelines are also flexible, so they can be customized for unique cases or conditions. Finally, there are procedures. Procedures are detailed step-by-step how-to documents that describe the exact actions necessary to implement a specific security mechanism, control, or solution.

Now let’s see what threat modeling is. Threat modeling is a security process where potential threats are identified, categorized, and analyzed. It can be performed as a proactive measure during design and development or as a reactive measure once the product has been deployed. There are different approaches to identifying threats. The first one is identifying threats focused on assets. This method uses asset valuation results and attempts to identify threats that are focused on these valuable assets. Then there is identifying threats focused on attackers. Sometimes it is possible to identify potential attackers and the threats they represent based on their goals or the procedures that they use. These procedures are known as TTPs, or tactics, techniques, and procedures. Then there are threats that are focused on software. If an organization develops software, then it can consider potential threats against its specific features and input mechanisms.

Supply Chain in Security

Product. There are two types of suppliers: upstream and downstream suppliers. The upstream supply chain shows the relation between the supplier and the raw materials and the supplier’s supplier. This means who is supplying the raw materials to the supplier in the first place. That is the upstream supply chain. What is coming to the company is often termed as upstream supply chain. The downstream supply chain is the final product or the thing leaving the company. It is often left in the form of a final product to serve the customer. So we call it the downstream supply chain.

Now there is something known as a service level agreement or SLA. An SLA is a contractual agreement that guarantees a certain level of service from service providers. If the service is not delivered at the agreed-upon level, there are consequences, typically financial consequences. These SLAs provide a mechanism to mitigate some of the risk from the service providers in the supply chain.

Now we will see what personnel security is. People are often the weakest link in security. It is often said that human error accounts for up to 95% of security breaches. The reason for this is that, either accidentally through mistakes or lack of training, or intentionally through fraud and malicious intent, personnel cause more serious and hard-to-detect damage to security than outside attacks or equipment failure. This is a huge problem. Properly trained personnel are vital for maintaining security. Although the future actions of individuals cannot be predicted, it is possible to minimize the risk by implementing preventive measures and some best practices.

Measures to Improve Personnel Security

Now let’s see what measures are used to improve personnel security. The first one is separation of duties. Separation of duties is a preventive administrative control put in place to reduce the potential of fraud. For example, an employee cannot complete a critical financial transaction by herself or himself. They will need their supervisor’s approval before the transaction can be completed. Separation of duties makes it difficult to commit any fraud without resorting to collusion or conspiracy.

Then there is dual control. Here two or more individuals are authorized and required to perform a duty or task. Both of these individuals must be available and active in their participation to complete the task. Not a single person will be able to complete the task on his or her own. For example, two officers must perform an identical action to send a missile from a nuclear submarine.

Then there is split knowledge. No one person knows or has all the details to perform a task. For example, two managers might be required to open a bank vault, with each only knowing part of the combination to open the lock.

Then there is job rotation. Job rotation is an administrative detective control used to uncover fraudulent activities. No one person should stay in one position for a long time because they may end up having too much control over a segment of the business. Rather than keeping one person in one job for a long time, the job is rotated.

Then there is mandatory vacation. Employees in sensitive areas should be forced to take vacation so that other people can fill their position for that time. This ensures that no fraudulent activities are occurring there.

Now we will see what due diligence and due care are. Due care means doing what a reasonable person would do in a given situation. It is also often called the prudent man rule. Then there is due diligence. Due diligence means making sure that you have done enough research before taking the required action, and tracking the work that you have done after implementation so that you can keep improving afterwards.
