A1 – injection
The injection threat is always based on input data from the user. An interpreter takes this input and incorporates it into the normal flow of a statement that is executed behind the scenes.
So, the key here is that a potential attacker must know the engine they are trying to subvert. The three main engines mentioned by A1 are SQL, OS, and LDAP, the first one being the most common (and that's why it's the most dangerous).
SQL injection
SQL injection is, perhaps, the most well-known of them all. It's based on some characteristics of the SQL language:
- Several statements can be chained together, separated by a semicolon (;)
- You can insert an inline comment with a double dash (--)
- The programmer doesn't care about the contents introduced by the user and adds those contents to a string that is passed to the interpreter, which blindly executes the command:
As you can see in the figure, you just have to pass the statement or 1=1 -- to make it work. If...
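The following is an added example, not code from the book: the concatenated query the text describes next to its parameterized form, run against a constructed in-memory SQLite table so you can see why the or 1=1 -- input matches every row in one case and nothing in the other. The table, rows and function names are assumptions made for the demonstration.

```python
import sqlite3

def make_db():
    """Constructed sample data: two users in an in-memory SQLite table.
    Passwords are stored in clear text only to keep the demo small."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "battery staple")])
    return conn

def login_concat(conn, name, password):
    """Vulnerable: the user's input is spliced into the statement text.
    A quote in the input closes the string literal, 'or 1=1' turns the
    WHERE clause into a tautology, and '--' comments out the rest of the
    statement (the password check). The interpreter executes it blindly."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return sorted(row[0] for row in conn.execute(sql))

def login_param(conn, name, password):
    """Hardened: the statement text is fixed and the values travel separately
    as bound parameters, so quotes and '--' are plain characters inside a
    value and never reach the parser as SQL syntax."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(sql, (name, password)))

def build_concat_sql(name, password):
    """Returns the text the vulnerable function sends, so the effect of the
    injected quote and comment can be inspected without running it."""
    return ("SELECT name FROM users WHERE name = '" + name +
            "' AND password = '" + password + "'")

if __name__ == "__main__":
    conn = make_db()
    tainted = "x' or 1=1 --"
    print(build_concat_sql(tainted, "anything"))
    print("concat:", login_concat(conn, tainted, "anything"))  # every user
    print("param: ", login_param(conn, tainted, "anything"))   # nobody
```

Note that Python's sqlite3 execute() refuses a second statement after a semicolon, so the chaining trick from the first bullet is blocked by this particular driver; the tautology and comment tricks are not, which is why parameterization, not driver behaviour, is the fix.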