What is SQL Injection

-


SQL Injection (SQLi) is a type of an injection attack that makes it possible to execute malicious SQL statements. These statements control a database server behind a web application. Attackers can use SQL Injection vulnerabilities to bypass application security measures. They can go around authentication and authorization of a web page or web application and retrieve the content of the entire SQL database. They can also use SQL Injection to add, modify, and delete records in the database.



SQL is a query language that was designed to manage data stored in relational databases. You can use it to access, modify, and delete data. Many web applications and websites store all the data in SQL databases. In some cases, you can also use SQL commands to run operating system commands. Therefore, a successful SQL Injection attack can have very serious consequences.

  • Attackers can use SQL Injections to find the credentials of other users in the database. They can then impersonate these users. The impersonated user may be a database administrator with all database privileges.
  • SQL lets you select and output data from the database. An SQL Injection vulnerability could allow the attacker to gain complete access to all data in a database server.
  • You can use SQL to delete records from a database, even drop tables. Even if the administrator makes database backups, deletion of data could affect application availability until the database is restored. Also, backups may not cover the most recent data.
  • In some database servers, you can access the operating system using the database server. This may be intentional or accidental. In such case, an attacker could use an SQL Injection as the initial vector and then attack the internal network behind a firewall.


How to prevent SQL Injection :

In order to prevent a website from SQL Injection , one can use SQL Parameters . By the use of SQL parameters values are added to sql query at execution time .

The SQL engine checks each parameter to ensure that it is correct for its column and are treated literally, and not as part of the SQL to be executed.








Comments

Post a Comment

Please comment

Popular posts from this blog

Israel - Hamas Conflict in 2023

-
Image
An ongoing armed conflict between Palestinian militant groups led by Hamas and Israel began on 7 October 2023, with a coordinated surprise offensive on Israel. The attack began in the morning with a barrage of at least 3,000 rockets launched from the Hamas-controlled Gaza Strip against Israel. When did the first Israel - Palestine war start? The Arab-Israeli War of 1948 broke out when five Arab nations invaded territory in the former Palestinian mandate immediately following the announcement of the independence of the state of Israel on May 14, 1948. What is the story between Israel and Palestine? The conflict at its core is about the self-determination of two peoples living in the same place: Jews and Palestinians both want to control their own futures and both seek the ability to live in peace, freedom, and security. Why is Israel at war with Palestine 2023? There were increases in settler attacks that displaced hundreds of Palestinians; and there were violent clashes around the Al-A...
Read more

ICC 2023 World Cup India Schedule

-
Image
  Group Stage Matches of Indian Team Team India Squad Rohit Sharma (c)                                                                                  Hardik Pandya (vc)                                                  Shubman Gill Virat Kohli Shreyas Iyer KL Rahul Ravindra Jadeja                                                                                    Ravichandran Ashwin Shardul Thakur Jasprit Bumrah Mohammed Siraj Kuldeep Yadav Mohammed Sh...
Read more