SQL Injection
Description
A SQL injection (SQLi) attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.
SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.
Risk
A successful SQL injection exploit can lead to:
- Reading sensitive data from the database
- Modifying database data (Insert/Update/Delete)
- Executing administration operations on the database (such as shutdown the DBMS)
- Recovering the content of a given file present on the DBMS file system
- Issuing commands to the operating system.
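The flaw the description above names, data-plane input spliced into query text, and the parameterized-query defence that the language-specific pages below cover, shown side by side. This is an added example, not code from the original page; it uses Python's built-in sqlite3 module with a constructed in-memory table so it runs offline.

```python
import sqlite3


def make_db():
    # Constructed sample data for the demo; not from the original page.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_vulnerable(conn, name):
    # Input is concatenated into the SQL string, so a quote character in the
    # input ends the literal and the rest of the input becomes SQL syntax.
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, name):
    # The query text is fixed; the driver binds the value separately, so the
    # input can never change the statement's structure.
    sql = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (name,))]


def demo():
    conn = make_db()
    benign = "alice"
    # Constructed input containing a quote and a tautology: the classic
    # textbook probe that turns "WHERE name = 'x'" into a condition that
    # matches every row.
    hostile = "x' OR '1'='1"
    return {
        "vuln_benign": lookup_vulnerable(conn, benign),
        "vuln_hostile": lookup_vulnerable(conn, hostile),     # every row leaks
        "param_benign": lookup_parameterized(conn, benign),
        "param_hostile": lookup_parameterized(conn, hostile), # no such user
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The same input that dumps the whole table through string concatenation is just an unmatched literal once it is passed as a bound parameter; the fix is to use the prepared-statement API of whichever driver the application uses.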
How To Prevent SQL Injection (SQLi)
Prevent SQLi in Java
Prevent SQLi in ASP.NET
Prevent SQLi in PHP
Reference
https://www.owasp.org/index.php/SQL_Injection
http://en.wikipedia.org/wiki/SQL_injection