SQL Injection (SQLI)

Description

During the scan, Kayran found an SQL Injection vulnerability. SQL Injection (SQLi) is a security vulnerability that lets an attacker inject SQL syntax into the queries a vulnerable web application sends to its database engine. By altering the query that reaches the back-end database, the attacker can read, modify or delete sensitive information in the database through the website itself.

SQL Injection can expose sensitive information, such as user records. In some cases the attacker can modify or delete data, causing persistent changes to the application's content or behaviour. The vulnerability arises when user-supplied input is concatenated into an SQL statement without being separated from the query's structure, so that the input is interpreted as part of the query rather than as data.

By abusing an application's input mechanisms, an attacker shapes the generated SQL query to their advantage, which can have destructive results. Although SQL Injection is best known as an attack against websites, it can occur in any application that builds SQL queries from untrusted input. A successful SQL injection attack gives the attacker the ability to read from and manage the web application's database.

Recommendation

Do not rely on checking that user input is "correct" or free of SQL syntax: blocklists of SQL keywords and quote characters are routinely bypassed and also reject legitimate data (a surname containing an apostrophe, for example). Instead, use prepared statements with bound parameters (parameterized queries) for every query that takes user input, so that the query structure is fixed by the code and the input is only ever treated as data. Stored procedures and ORM query builders are acceptable when they bind parameters in the same way. Where a value cannot be bound, such as a table or column name or a sort direction, validate it against an allow-list of known-good values. Finally, run the application's database account with the least privilege it needs, so that any injection that remains cannot read or alter more than that feature requires. See the OWASP SQL Injection Prevention Cheat Sheet under References for details.
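The following is an added example, not code from the original page or from Kayran. It shows a login check written the vulnerable way (user input spliced into the SQL text) beside the parameterized form, run against a constructed in-memory SQLite table. The table, user names and passwords are all invented for the demonstration; the "' OR '1'='1" and "' --" inputs are classic tautology and comment payloads.

```python
import sqlite3


def make_db():
    # Constructed sample data for the demonstration (not from the page).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            ("alice", "correct horse", "admin"),
            ("bob", "battery staple", "user"),
            ("o'brien", "pw", "user"),  # legitimate name containing a quote
        ],
    )
    return conn


def login_vulnerable(conn, username, password):
    # VULNERABLE: the input is spliced into the SQL text, so quote
    # characters in the input change the structure of the query.
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()


def login_safe(conn, username, password):
    # PARAMETERIZED: the query text is fixed; the driver binds the values
    # separately, so they can never be parsed as SQL.
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def breaks_on_legitimate_quote(conn):
    # The same string splicing also breaks on honest input that contains a
    # quote: the statement becomes malformed and the driver raises.
    try:
        login_vulnerable(conn, "o'brien", "pw")
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    # Tautology: AND binds tighter than OR, so every row matches and the
    # first one (the admin account) is returned without a valid password.
    print(login_vulnerable(db, "alice", "' OR '1'='1"))   # ('alice', 'admin')
    # Comment: everything after -- is ignored, so the password check vanishes.
    print(login_vulnerable(db, "alice' --", "wrong"))     # ('alice', 'admin')
    # The same payloads are just strings to the parameterized query.
    print(login_safe(db, "alice", "' OR '1'='1"))         # None
    print(login_safe(db, "alice' --", "wrong"))           # None
    print(login_safe(db, "o'brien", "pw"))                # ("o'brien", 'user')
    print(breaks_on_legitimate_quote(db))                 # True
```

The point of the last two calls is that parameterization is not only the security fix but also the correctness fix: the bound query accepts the apostrophe in "o'brien" as data, while the concatenated query throws a syntax error on it.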

References

https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
