SQL Injection (SQLI)

Description

SQL injection (SQLI) is a security vulnerability that allows a user to inject SQL commands into the database engine through a vulnerable web application.

By manipulating the query that the application passes to the back-end database, the attacker can pull sensitive information, or delete and change information in the database, directly from the website itself.

Business Impact

SQL injection can, for example, cause a leak of users' sensitive information. In some cases, the attacker can modify or delete the data, causing persistent changes to the application's content or behavior.

SQL injection emerges because user input fields aren't checked correctly by the web application, which allows an SQL query to pass through and directly into the database.

Recommendation

In order to prevent this vulnerability, make sure that input coming from the user is validated and is never interpreted as SQL code.
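The vulnerable pattern beside the parameterized form recommended by the OWASP cheat sheet linked below, as an added example that is not Kayran's own code; the table, user names and inputs are constructed for this illustration and it uses Python's built-in sqlite3 module.

```python
import sqlite3


def build_db():
    # Constructed in-memory sample table; names and e-mails are assumptions.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (username, email) VALUES (?, ?)", [
        ("alice", "alice@example.com"),
        ("bob", "bob@example.com"),
        ("o'brien", "obrien@example.com"),
    ])
    return conn


def find_email_vulnerable(conn, username):
    # Unchecked input is concatenated into the query text, so the database
    # cannot tell the user's data apart from SQL syntax.
    sql = "SELECT email FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def find_email_safe(conn, username):
    # Parameterized query: the statement text is fixed and the value is bound
    # separately, so quotes or keywords inside `username` stay plain data.
    sql = "SELECT email FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def demonstrate():
    """Run both lookups on the same inputs and return the outcomes."""
    conn = build_db()
    crafted = "x' OR '1'='1"  # constructed input that alters the query's structure
    result = {
        "safe_alice": find_email_safe(conn, "alice"),
        "safe_quote": find_email_safe(conn, "o'brien"),   # legitimate name with a quote
        "safe_crafted": find_email_safe(conn, crafted),   # treated as a literal name
        "vuln_crafted": sorted(find_email_vulnerable(conn, crafted)),  # every row leaks
    }
    try:
        find_email_vulnerable(conn, "o'brien")
        result["vuln_quote"] = "ok"
    except sqlite3.OperationalError:
        result["vuln_quote"] = "syntax error"  # the quote breaks the concatenated SQL
    return result


if __name__ == "__main__":
    for name, value in demonstrate().items():
        print(name, value)
```

The `vuln_quote` outcome is worth noting in detection work: a database error on an ordinary name containing an apostrophe is often the first visible symptom of string-built queries.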

More Details

By abusing an application's data input mechanisms, an attacker can alter the generated SQL query to their advantage, which can cause destructive events.

Although SQL injection is best known as an attack against websites, it can occur in any application built on an SQL database.
An SQL injection attack can be defined as injecting SQL commands into the SQL queries of a web application. A successful SQL injection attack allows a malicious actor to access the web application's database and manage it.

Reference

https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
