Question

Why are SQL injection and query string manipulation gaining in cybercrime popularity?

Answer

SQL injection, along with the related manipulation of query strings, is widely cited as one of the most common ways of breaking into a system that stores its data in a conventional relational database.

There are a number of reasons for this. First of all, using SQL injection to gain unauthorized access to database contents doesn't require any special tools: a browser, or anything else that can send an HTTP request, is enough. Secondly, it can be done remotely, right through the Internet, against any application that accepts input from the public.

By manipulating a query string that travels from a web form to the application's database back end, attackers can do all sorts of things, including getting the database to dump its data. Wherever that incoming input is pasted directly into a SQL statement instead of being validated and passed as a bound parameter, it is extremely easy to get at the database remotely.

You don't have to crack a password, break any encryption or defeat any other control. The attacker simply submits input that alters the query statement, and the database executes it with whatever privileges the application's own database account has.

In addition, as some experts point out, attackers can fingerprint databases through careful research. Error messages, vendor-specific syntax and built-in functions that return the server version make it relatively easy to figure out which database product a system is running, and again, this can all be done from any connected computer.

Essentially, query string manipulation is as simple as adding a few characters, typically a quote, a comment marker or a keyword such as OR or UNION, to an input string. It's one of the simplest, most straightforward and most effective types of database hacking around. Contrast this with something like a large-scale denial of service attack or a ransomware campaign, both of which require infrastructure and planning, and you'll see why SQL injection is so popular.

There are ways of locking out attackers, chiefly parameterized queries and strict input validation, but vulnerable code is so common that it represents a big open barn door. Spoofing and social engineering are also popular, but SQL injection doesn't even require the attacker to trick any human user. It just involves looking for the right pressure point and using it.
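To make the "altered query statement" and the database fingerprinting described above concrete, here is an added example (not part of the original answer) that builds a tiny SQLite table in memory and runs the same lookup two ways: once by string concatenation, once with a bound parameter. The table, its rows and the payload strings are all constructed for the demonstration; the function names are assumptions made for this example.

```python
import sqlite3


def build_db():
    # Constructed sample data (assumption): a tiny in-memory user table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            (1, "alice", "alice@example.com"),
            (2, "bob", "bob@example.com"),
            (3, "carol", "carol@example.com"),
        ],
    )
    return conn


def lookup_vulnerable(conn, name):
    # Vulnerable: the query text is assembled by concatenation, so any
    # quote, comment marker or keyword in `name` becomes part of the SQL.
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # Hardened: the value travels separately from the statement text, so the
    # database treats it as data no matter what characters it contains.
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# Constructed attacker inputs (assumption): the classic "dump everything"
# payload and a UNION probe that fingerprints the database engine.
DUMP_PAYLOAD = "' OR '1'='1"
FINGERPRINT_PAYLOAD = "' UNION SELECT sqlite_version(), 'x' -- "


if __name__ == "__main__":
    db = build_db()
    print("legitimate:", lookup_vulnerable(db, "alice"))
    # The concatenated query becomes: ... WHERE name = '' OR '1'='1'
    print("vulnerable, dump:", lookup_vulnerable(db, DUMP_PAYLOAD))
    # The concatenated query becomes:
    # ... WHERE name = '' UNION SELECT sqlite_version(), 'x' -- '
    print("vulnerable, fingerprint:", lookup_vulnerable(db, FINGERPRINT_PAYLOAD))
    print("safe, dump:", lookup_safe(db, DUMP_PAYLOAD))
    print("safe, fingerprint:", lookup_safe(db, FINGERPRINT_PAYLOAD))
```

Against the concatenated query the first payload returns every row and the second returns the SQLite version string, which is the fingerprinting the answer refers to; against the parameterized query both payloads are simply looked up as literal names and return nothing. The fix is the same on MySQL, PostgreSQL or SQL Server: the only change is the driver's placeholder syntax.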


Justin Stoltzfus
Contributor

Justin Stoltzfus is an independent blogger and business consultant assisting a range of businesses in developing media solutions for new campaigns and ongoing operations. He is a graduate of James Madison University. Stoltzfus spent several years as a staffer at the Intelligencer Journal in Lancaster, Penn., before the merger of the city's two daily newspapers in 2007. He also reported for the twin weekly newspapers in the area, the Ephrata Review and the Lititz Record. More recently, he has cultivated connections with various companies as an independent consultant, writer and trainer, collecting bylines in print and Web publications, and establishing a reputation…