What is SQL Injection Attack?

SQL injection is a method of inserting malicious SQL queries from the client into a web application. When an attacker submits a query through an input form and the user input is not filtered, the malicious query can change the behavior of the original query according to the injected SQL commands (OWASP). A simple example:

SELECT * FROM users_tbl WHERE user = '$username' AND pass='$password';
Malicious input:
user: admin
pass: ' or 1='1 (or ' or true)
Joining malicious input with the SQL statement:
SELECT * FROM users_tbl WHERE user ='admin' AND pass='' or 1='1'

The query consists of the SQL statement plus data entered by the user, which is not meant to be part of the query. However, malicious user input may itself contain SQL that changes the expected behavior of the query, for example to include secret data in the result or to inject malicious posts for performing XSS attacks.
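
The login query above, run both ways against an in-memory SQLite database; this is an added example, not code from the original post. The function names, the sample password and the use of SQLite are assumptions, and the tautology is written '1'='1' because SQLite does not treat the integer 1 and the string '1' as equal.

```python
import sqlite3

# Constructed sample input: the article's tautology, quoted for SQLite.
INJECTED = "' or '1'='1"


def make_db():
    """Create an in-memory users_tbl holding one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users_tbl (user TEXT, pass TEXT)")
    # Plaintext password only to mirror the article's query.
    conn.execute("INSERT INTO users_tbl VALUES ('admin', 's3cret-constructed')")
    return conn


def login_concatenated(conn, username, password):
    """Vulnerable: input is pasted into the SQL text, as in the article."""
    sql = ("SELECT * FROM users_tbl WHERE user = '" + username +
           "' AND pass='" + password + "'")
    return conn.execute(sql).fetchall()


def login_parameterized(conn, username, password):
    """Hardened: placeholders bind the input as data, never as SQL syntax."""
    sql = "SELECT * FROM users_tbl WHERE user = ? AND pass = ?"
    return conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # The concatenated query returns the admin row without the password.
    print("concatenated :", login_concatenated(conn, "admin", INJECTED))
    # The parameterized query compares pass to the literal string: no rows.
    print("parameterized:", login_parameterized(conn, "admin", INJECTED))
    # A correct password still logs in through the hardened path.
    print("legitimate   :",
          login_parameterized(conn, "admin", "s3cret-constructed"))
```

With the bound parameters the quote characters in the input never reach the SQL parser, so the WHERE clause keeps the shape the developer wrote.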
