
What is SQL Injection Attack?

SQL injection is a method of inserting malicious SQL queries from the client into a web application. When an attacker submits a query fragment through an input form and the form input is not filtered, the injected SQL commands can change the behavior of the query (OWASP). A simple example:

SELECT * FROM users_tbl WHERE user = '$username' AND pass='$password';

Malicious input:
user: admin
pass: ' or 1='1 (or: 'or' true)

Joining malicious input with the SQL statement:
SELECT * FROM users_tbl WHERE user ='admin' AND pass='' or 1='1'

This query consists of the SQL statement and the data entered by the user, which is not meant to be part of the query itself. However, malicious user input may contain another SQL statement that changes the expected behavior of the query, for example to include secret data in the result or to inject malicious posts for performing XSS attacks.
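The login query above, shown next to a prepared-statement version that keeps the same input as data; this is an added example, not part of the original post. It assumes MySQL syntax, and the table definition, the sample rows and the names login_stmt, @username and @password are constructed for illustration.

```sql
-- Constructed sample table matching the column names used in the post.
-- Passwords are stored in plain text only to mirror the post's query;
-- a real application stores password hashes.
CREATE TEMPORARY TABLE users_tbl (
    user VARCHAR(64) PRIMARY KEY,
    pass VARCHAR(64) NOT NULL
);

INSERT INTO users_tbl (user, pass) VALUES
    ('admin', 'constructed-admin-password'),
    ('alice', 'constructed-alice-password');

-- 1) Concatenated form: this is the statement the server receives once the
--    application has pasted the form input into the query text.
--    AND binds tighter than OR, so the WHERE clause is parsed as
--    (user = 'admin' AND pass = '') OR (1 = '1'),
--    and MySQL converts '1' to a number for the second comparison.
SELECT * FROM users_tbl WHERE user ='admin' AND pass='' or 1='1';

-- 2) Prepared form: the statement text is fixed before any input arrives.
--    Each ? marks a value position; whatever is bound there is compared
--    as a string and is never parsed as SQL.
PREPARE login_stmt FROM
    'SELECT * FROM users_tbl WHERE user = ? AND pass = ?';

-- The same form input as in the post. Inside a SQL string literal a single
-- quote is written as two quotes, so @password holds:  ' or 1='1
SET @username = 'admin';
SET @password = ''' or 1=''1';

-- The WHERE clause still has exactly two conditions joined by AND;
-- the quote and the "or" inside @password are part of the compared value.
EXECUTE login_stmt USING @username, @password;

DEALLOCATE PREPARE login_stmt;
```

In application code the same separation comes from the database driver's parameter binding, instead of building the query string from form fields.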
