Hackersidea

A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands. SQL Injection – Basic Concepts There are two types of SQL Injection • SQL Injection into a String/Char parameter Example: SELECT * from table where example = 'Example' • SQL Injection into a Numeric parameter Example: SELECT * from table where id = 123 Exploitation of SQL Injection vulnerabilities is divided into classes a