Description

A SQL injection (SQLi) attack consists of the insertion or “injection” of a SQL query via the input data sent from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administrative operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and, in some cases, issue commands to the operating system.

SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands.

See how to fix it!

Risk

A successful SQL injection exploit can lead to:

  • Reading sensitive data from the database
  • Modifying database data (Insert/Update/Delete)
  • Executing administration operations on the database (such as shutdown the DBMS)
  • Recovering the content of a given file present on the DBMS file system
  • Issuing commands to the operating system.

How To Prevent SQL Injection (SQLi)

Prevent SQLi in JAVA
Prevent SQLi in ASP.NET
Prevent SQLi in PHP
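The description above and the prevention links are illustrated by the following added example, which is not part of the original page or of AppSec Labs' own material: a login query built by string concatenation (the data-plane input becomes SQL code) beside the same query written with bound parameters, run against a constructed in-memory SQLite table. The table contents, the function names and the use of Python's sqlite3 module are assumptions made for the example.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory table with two users.
    Passwords are plaintext only to keep the demo short; real systems store hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable pattern: client input is concatenated into the statement text,
    so a quote character in the input ends the string literal and the rest is
    parsed as SQL (the 'injection' the description refers to)."""
    sql = (
        "SELECT username, role FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Hardened pattern: a parameterized (prepared) statement. The statement text
    is fixed and the input is bound as data, so it can never change the query."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def demo():
    """Runs both versions with a normal password and with a crafted one that
    closes the literal and appends a tautology, and returns the rows each sees."""
    conn = make_db()
    crafted = "x' OR '1'='1"  # constructed input; the classic SQLi test string
    return {
        "vulnerable_normal": login_vulnerable(conn, "alice", "s3cret"),
        "vulnerable_crafted": login_vulnerable(conn, "alice", crafted),  # every row
        "safe_normal": login_safe(conn, "alice", "s3cret"),
        "safe_crafted": login_safe(conn, "alice", crafted),  # no row matches
    }


if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case}: {rows}")
```

The vulnerable variant returns every user for the crafted password because the WHERE clause has become `username = 'alice' AND password = 'x' OR '1'='1'`; the parameterized variant compares the whole crafted string against the password column and returns nothing.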

Reference

https://www.owasp.org/index.php/SQL_Injection
http://en.wikipedia.org/wiki/SQL_injection
