[WEBINAR] Application Acceleration: Faster Performance for End Users

SQL Injection Attack

Definition - What does SQL Injection Attack mean?

An SQL injection attack is an attempt to issue SQL commands to a database via a website interface. This is to gain stored database information, including usernames and passwords.

This code injection technique exploits security vulnerabilities in an application's database layer. Hackers exploit poorly coded websites and web apps to inject SQL commands, for example, taking advantage of a login form to gain access to the data stored in the database.

In simple terms, SQL injection attacks occur because the user-input fields permit the SQL statements to pass through and directly query the database.

Techopedia explains SQL Injection Attack

Modern websites include login pages, search pages, support and product request forms, shopping carts, feedback forms and so on.

These website features are all vulnerable to SQL injection attacks due to the availability of user-input fields. An attacker can easily execute arbitrary SQL statements if these websites are prone to SQL injection. This may compromise the databases’ integrity and can expose sensitive data.

Based on the back-end database used, SQL injection vulnerabilities can result in varying levels of injection attacks. Attackers may manipulate existing queries, use subselects, or add additional queries. In some instances, it may be even possible to read in or write out to files. Also, the attackers may execute shell commands on the root operating system (OS).

Some SQL Servers like Microsoft SQL Server incorporate stored and extended procedures. If an SQL injection attacker obtains access to these procedures, it can lead to highly undesirable outcomes. Improperly coded websites and webapps are always prone to this kind of attack.

The ideal way to avoid injection attacks is by detecting the vulnerabilities of websites and web apps before going live. There are automated SQL injection scanners which help the penetration testers verify the vulnerability of websites and web apps for potential SQL injection attacks.

This helps the web admin to instantly fix the vulnerable code and protect the websites from any potential SQL injection attacks.

Techopedia Deals

Connect with us

Techopedia on Linkedin
Techopedia on Linkedin
"Techopedia" on Twitter

Sign up for Techopedia's Free Newsletter!

Email Newsletter

Join thousands of others with our weekly newsletter

Free Whitepaper: The Path to Hybrid Cloud
Free Whitepaper: The Path to Hybrid Cloud:
The Path to Hybrid Cloud: Intelligent Bursting To Amazon Web Services & Microsoft Azure
Free E-Book: Public Cloud Guide
Free E-Book: Public Cloud Guide:
This white paper is for leaders of Operations, Engineering, or Infrastructure teams who are creating or executing an IT roadmap.
Free Tool: Virtual Health Monitor
Free Tool: Virtual Health Monitor:
Virtual Health Monitor is a free virtualization monitoring and reporting tool for VMware, Hyper-V, RHEV, and XenServer environments.
Free 30 Day Trial – Turbonomic
Free 30 Day Trial – Turbonomic:
Turbonomic delivers an autonomic platform where virtual and cloud environments self-manage in real-time to assure application performance.