What is SQL injection? It is a type of input manipulation vulnerability. As the name suggests, it is a vulnerability where the attacker manipulates the web application in order to inject arbitrary SQL code into the application database. This vulnerability affects mainly web applications that use DBs to store and retrieve data.
Nowadays, most web applications use a DB, thus the united web apps affected by this vulnerability are huge. The main cause for this problem is when the web application uses data that is coming from an untrusted source to dynamically construct a SQL query. If the injection is successful, attackers can:
- Extract arbitrary data
- Insert tampered data into the database
- Bypass authentication authorizations, and access controls
- Take control of the server by executing OS commands
As you can see, it allows you to do a lot of things in...
