Most modern applications need somewhere to store information.
Examples include:
- User accounts
- Password hashes
- Session information
- Orders
- Financial records
- Audit logs
- Application settings
Databases provide a structured way to store and retrieve this information.
Where Databases Fit
A typical web application looks something like:
Browser
↓
Web Server
↓
Backend Application
↓
Database
The frontend never talks directly to the database.
Instead:
- The user sends a request
- The backend processes it
- The backend queries the database
- The database returns data
- The backend returns a response
Tables
Most databases organize data into tables.
Example:
Users
| ID | Username | |
|---|---|---|
| 1 | alice | alice@corp.local |
| 2 | bob | bob@corp.local |
Each row represents a record.
Each column represents a field.
SQL
Most relational databases use SQL (Structured Query Language).
Example:
SELECT * FROM Users;
Returns:
ID Username
1 alice
2 bob
SQL is used to:
- Read data
- Insert data
- Update data
- Delete data
- Create tables
Common SQL Operations
Retrieve data:
SELECT * FROM Users;
Insert data:
INSERT INTO Users (Username)
VALUES ('alice');
Update data:
UPDATE Users
SET Username = 'bob'
WHERE ID = 1;
Delete data:
DELETE FROM Users
WHERE ID = 1;
Common Database Platforms
Although many database products exist, operators repeatedly encounter a handful of major platforms.
MySQL
Common in:
- PHP applications
- WordPress
- Linux environments
- LAMP stacks
Typical ports:
3306/tcp
Microsoft SQL Server (MSSQL)
Common in:
- Windows environments
- Active Directory environments
- Enterprise applications
- ASP.NET applications
Typical ports:
1433/tcp
MSSQL frequently appears during internal assessments and Active Directory engagements.
SQLite
SQLite is different.
Unlike MySQL or MSSQL, there is usually no separate database server.
The database is simply a file.
Example:
users.db
Applications directly read and write to this file.
SQLite is extremely common in:
- Desktop applications
- Mobile applications
- Browser storage
- Embedded devices
- Lightweight web applications
During assessments operators often discover SQLite files containing:
- Credentials
- Tokens
- Session data
- Application settings
Comparing Them
| Feature | MySQL | MSSQL | SQLite |
|---|---|---|---|
| Separate Server | Yes | Yes | No |
| Network Accessible | Usually | Usually | Usually No |
| Enterprise Usage | Common | Very Common | Rare |
| Local Application Storage | Rare | Rare | Very Common |
| Typical File Discovery | Uncommon | Uncommon | Very Common |
Why Operators Care
Databases often:
- Operate under privileged contexts
- Contain sensitive information and secrets
- Store application configuration and business-critical data
- Provide pathways to operating system interaction and, in some cases, direct code execution
For this reason, a database compromise can be just as damaging as a full system compromise.
Common Assessment Findings
Operators frequently discover:
- Default credentials
- Weak credentials
- Excessive permissions
- Exposed database ports
- Backup files
- SQL Injection vulnerabilities
- Hardcoded connection strings
- Unnecessary dangerous capabilities enabled
Many web application compromises ultimately result in unauthorized database access.