Locked What is SQL Injection & its Attacks

[dEEpEst]

What is SQL Injection & its Attacks 

SQL injection is a type of web application vulnerability where an attacker can manipulate and submit a SQL command to retrieve the database information. This type of attack mostly occurs when a web application executes by using the user-provided data without validating or encoding it. It can give access to sensitive information such as social security numbers, credit card numbers, or other financial data to the attacker and allows an attacker to create, read, update, alter, or delete data stored in the backend database. It is a flaw in web applications and not a database or web server issue. Most programmers are still not aware of this threat.

Attacks :
On the basis of application used and the way it processes user supplied data, SQL injection can be used to implement the attacks mentioned below:
Authentication bypass : Here the attacker could enter into the network without providing any authentic user name or password and could gain access over the network. he or she gets the highest privilege in the network.
Information disclosure : After the unauthorized entry into the network, the attacjer gets access to sensitive data stored in the database.
Compromised data integrity : The attacker changes the main content of the website and also enters malicious content into it.
Compromiused availibility of data : The attacker uses this type of attack to delete the data related to audit information or any other crucial database information.
Remote code execution : An attacker could modify, delete, or create data or even can create new accounts with full user rights on the server that shares files and folders. It allows an attacker to compromise the host operating system.