Definition Of SQL Injection By Wikipedia:
SQL injection is a technique often used to attack databases through a
website. This is done by including portions of SQL statements in a web
form entry field in an attempt to get the website to pass a newly formed
rogue SQL command to the database (e.g. dump the database contents to
the attacker). SQL injection is a code injection technique that exploits
a security vulnerability in a website's software. The vulnerability
happens when user input is either incorrectly filtered for string
literal escape characters embedded in SQL statements or user input is
not strongly typed and unexpectedly executed. SQL commands are thus
injected from the web form into the database of an application (like
queries) to change the database content or dump the database information
like credit card or passwords to the attacker. SQL injection is mostly
known as an attack vector for websites but can be used to attack any
type of SQL database.

Definition Of SQL Injection By OWASP:
A SQL injection attack consists of insertion or "injection" of a SQL
query via the input data from the client to the application. A
successful SQL injection exploit can read sensitive data from the
database, modify database data (Insert/Update/Delete), execute
administration operations on the database (such as shutdown the DBMS),
recover the content of a given file present on the DBMS file system and
in some cases issue commands to the operating system. SQL injection
attacks are a type of injection attack, in which SQL commands are
injected into data-plane input in order to effect the execution of
predefined SQL commands.

Definition Of SQL Injection By NamelessWiki:
SQL Injection is a type of code injection and is a very common way to
attack a website (or application which uses a database) which uses SQL
statements containing content supplied from user input which is not
properly sanitised. It can be used to dump the contents of a database or
to modify the contents inside of one.
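
The two causes named in the definitions above (input placed inside a string literal without proper escaping, and input that is not strongly typed) are shown below next to their fixes. This is an added example, not taken from any of the quoted sources; the `users` table, its rows and all function names are constructed for illustration, and SQLite stands in for any SQL database.

```python
import sqlite3

def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, card TEXT)")
    db.executemany("INSERT INTO users (name, card) VALUES (?, ?)",
                   [("alice", "4111-0000-0000-0001"),
                    ("bob", "4111-0000-0000-0002")])
    return db

def lookup_concatenated(db, name):
    # Vulnerable: the form value is pasted inside a string literal, so a
    # quote character in the input ends the literal and the rest is parsed as SQL.
    query = "SELECT name, card FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    # Fixed: the value is bound as data and never parsed as SQL text.
    return db.execute("SELECT name, card FROM users WHERE name = ?",
                      (name,)).fetchall()

def lookup_by_id_untyped(db, user_id):
    # Vulnerable: a numeric field is taken as a raw string. No quote is
    # needed to change the statement because the value is not inside a literal.
    return db.execute("SELECT name FROM users WHERE id = " + user_id).fetchall()

def lookup_by_id_typed(db, user_id):
    # Fixed: enforce the type first (int() raises ValueError on anything
    # that is not a number), then bind the value as a parameter.
    return db.execute("SELECT name FROM users WHERE id = ?",
                      (int(user_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    form_value = "x' OR '1'='1"   # constructed input containing a quote
    print("concatenated :", lookup_concatenated(db, form_value))   # every row
    print("parameterized:", lookup_parameterized(db, form_value))  # no rows
    print("untyped id   :", lookup_by_id_untyped(db, "1 OR 1=1"))  # every row
    try:
        lookup_by_id_typed(db, "1 OR 1=1")
    except ValueError as exc:
        print("typed id     : rejected,", exc)
```
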