
Quines: A Self Producing Syndrome

BSides Delhi · 2020 · 48:45 · Published 2020-11
About this talk
SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. Injection has appeared in the #OWASP Top 10 web application security vulnerabilities for over 10 years. SQL injection comes in several varieties, ranging from error-based, time-based and union-based SQLi to #Quine #SQLinjection, a less well-known subset that is far more powerful when it applies.

A quine is a program that returns its own source code exactly as written. Using a quine, the source code can be reproduced even without any access to the physical source files in the filesystem, which might seem unrealistic. When a program prints its own listing, it must print out precisely the instructions the programmer wrote as part of the program; the obvious way to do that is to seek the source file on disk, open it and print its contents. Quines do not depend on such delimiting factors as being able to read the source file itself. Where the verification logic checks whether the user input and the query result values are the same, even if the database table is empty (ghost tables), the verification checks can be bypassed using quine SQL injection.

Gopika Subramanian

Gopika is a 19-year-old web application exploitation and security enthusiast. She is a member of team bi0s, a CTF (Capture The Flag) team ranked number 1 in India for the past 4 consecutive years. Gopika is a third-year undergraduate in Computer Science and Engineering at Amrita Vishwa Vidyapeetham and is also part of TeamShakti, the leading women-only CTF team from India. TeamShakti entered the arena of capturing flags last year and is one of only 3 women-only CTF teams worldwide. She was also granted student scholarships to attend elite cybersecurity conferences such as BHEUROPE 2019, Troopers20 and BHUSA 2020.
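As an added illustration of the quine property the abstract describes (example code written for this page, not taken from the talk or the speaker), the Python function below returns its own source text from a template and `repr`, touching no file at all. `is_quine` then compares that text with what Python itself reads from the source file on disk, and `reproduces_itself` checks the fixed point without any file access: executing the produced text defines a function that produces the same text again. The names `quine_source`, `is_quine` and `reproduces_itself` are assumed for this example.

```python
import inspect


# The template s contains a placeholder (%r) for its own repr and an escaped
# percent sign (%%); s % s fills the placeholder with the quoted template, so
# the result is exactly the text of this function. Comments stay outside the
# body on purpose: any line inside it would have to appear in the template too.
def quine_source() -> str:
    s = 'def quine_source() -> str:\n    s = %r\n    return s %% s\n'
    return s % s


def is_quine(fn) -> bool:
    # Compare the text fn produces from its template with the text Python
    # reads from the source file on disk; a true quine matches exactly.
    return fn() == inspect.getsource(fn)


def reproduces_itself(source: str) -> bool:
    # Execute the produced text and call the function it defines. For a quine
    # the new function's output is again the same text (a fixed point), which
    # holds even where the original file is not available to read.
    namespace: dict = {}
    exec(source, namespace)  # source is our own generated text, not user input
    return namespace["quine_source"]() == source


if __name__ == "__main__":
    text = quine_source()
    print(text, end="")
    print("matches file on disk:", is_quine(quine_source))
    print("reproduces itself:", reproduces_itself(text))
```

The same construction is what makes the technique in the talk work against a check of the form "does the query result equal what the user sent": a query that reproduces its own text returns the input unchanged whatever the table contains, so round-tripping equality proves nothing about the data. The defence is the usual one for injection, namely never assembling queries from user input (parameterized queries) and not treating a reproduced input as verification.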