SQL Injection

Description

A SQL injection (SQLi) attack consists of the insertion, or “injection”, of SQL syntax via the input data sent from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and, in some cases, issue commands to the operating system.

SQL injection attacks are a type of injection attack, in which SQL syntax is injected into data-plane input (values the application expects to treat purely as data) so that it alters the SQL statements the application was written to execute.


Risk

A successful SQL injection exploit can lead to:

  • Reading sensitive data from the database
  • Modifying database data (Insert/Update/Delete)
  • Executing administration operations on the database (such as shutdown the DBMS)
  • Recovering the content of a given file present on the DBMS file system
  • Issuing commands to the operating system.

How To Prevent SQL Injection (SQLi)

Prevent SQLi in Java
Prevent SQLi in ASP.NET
Prevent SQLi in PHP
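The following Python script is an added example, not code from the original page or from its linked Java, ASP.NET and PHP pages. It uses the standard library sqlite3 module with a constructed in-memory users table to show both halves of the story above: a login query built by string concatenation, which a tautology payload turns into "return every row" and a UNION payload turns into "return the password column", and the same query with bound parameters, against which the identical payloads are just unmatched usernames. The table contents, column names and payloads are assumptions made up for the example.

```python
import sqlite3

# Constructed sample data for this example (not from the original page):
# an in-memory SQLite database with a small users table.
SAMPLE_USERS = [
    ("alice", "s3cret", "admin"),
    ("bob", "hunter2", "user"),
]


def make_db() -> sqlite3.Connection:
    """Create the in-memory database and load the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users ("
        "id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        SAMPLE_USERS,
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Vulnerable: the query text is assembled by string concatenation, so any
    SQL syntax contained in the client-supplied values is parsed as part of
    the statement instead of being treated as data."""
    sql = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Hardened: the statement text is fixed and contains only placeholders;
    the values are bound separately by the driver, so they are compared as
    literal strings and are never parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Two attacker-controlled usernames. Both rely on the SQLite '--' end-of-line
# comment to discard the rest of the original statement (the password check).
# 1. Tautology: the WHERE clause becomes  username = '' OR '1'='1'  -> every row.
BYPASS_PAYLOAD = "' OR '1'='1' --"
# 2. UNION: appends a second SELECT with the same column count (2) so the
#    password column is returned in place of the role column.
UNION_PAYLOAD = "' UNION SELECT username, password FROM users --"


def main() -> None:
    conn = make_db()
    print("legit,  vulnerable:", login_vulnerable(conn, "alice", "s3cret"))
    print("bypass, vulnerable:", login_vulnerable(conn, BYPASS_PAYLOAD, "x"))
    print("union,  vulnerable:", login_vulnerable(conn, UNION_PAYLOAD, "x"))
    print("legit,  param:     ", login_parameterized(conn, "alice", "s3cret"))
    print("bypass, param:     ", login_parameterized(conn, BYPASS_PAYLOAD, "x"))
    print("union,  param:     ", login_parameterized(conn, UNION_PAYLOAD, "x"))


if __name__ == "__main__":
    main()
```

The fix is the same one the linked pages describe for their platforms (PreparedStatement in Java, SqlParameter in ASP.NET, PDO prepared statements in PHP): keep the statement text constant and pass every client-supplied value as a bound parameter. Two caveats when reproducing the attack side elsewhere: the `--` comment terminator is DBMS-specific (MySQL requires a space after `--`, or `#`), and the UNION payload only works because the attacker matched the column count of the original SELECT, which is why real UNION-based attacks start by probing for it.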

Reference

https://www.owasp.org/index.php/SQL_Injection
http://en.wikipedia.org/wiki/SQL_injection

1 reply

  RHB says:

    I will save this for reference. Cool company, but you have to be very experienced to run something like this.
