SQL Injection Attack

SQL Injection Attack

Structured Query Language (SQL) is a database language designed and used for managing records in Rational Database Management Systems (RDBMS). SQL injection is a type of cyber attack that uses malicious SQL code (SQL injection code) to exploit vulnerabilities in the any SQL Database to obtain or manipulate to access information that may include valuable number of items, lists customer details, customer’s credit card numbers, sensitive company’s data, or username and password of customers / service users.

Hacker conducts SQL injection attack by inserting malicious code into a web form field or manipulate website’s code with injection code or searching for SQL vulnerability using SQL Injection tools in the operating system (i.e Kali Linux) for special exploit. Hacker search for web pages that is login page, registration page, search forms and other webpage forms, within any form code <form> and </form> in between the form is parameter to discover the vulnerability and later use injection code along with common SQL commands. A hacker might get access to all the user names and passwords in a database, by simply inserting 105 OR 1=1 or blah’ or 1=1– into the input field on a web page to test for SQL vulnerabilities.

Blind SQL Injection

SQL vulnerability test code: http://webpagename/index.php?id=blah’ or 1=1–  | 105 OR 1=1 |  blah’ or 1=1–    or similar SQL commands may allow a hacker to bypass login or flesh rows of table in database or even all tables in a database

 

Similar articles:

2 Methods For Hacking MySQL Database

Best SQL Injection Tools for Hacking SQL Database

Cross-site Scripting Attack

Software Privacy

Web Jacking & Domain Name Hijacking

 

 

Olalekan Admin

Cyber Security Engineer

Leave a Reply

Your email address will not be published.