SQL injection is a type of injection attack.
Injection attacks occur when maliciously crafted inputs are submitted
by an attacker, causing an application to perform an unintended action.
Because of the ubiquity of SQL databases,
SQL injection is one of the most common types of attack on the internet.
If you only have time to protect yourself against one
vulnerability, you should be checking for SQL injection vulnerabilities
in your codebase!
What’s the worst thing that could happen when you suffer a SQL injection
Our example hack showed you how to bypass
the login page: a huge security flaw for a banking site. More complex attacks
will allow an attacker to run arbitrary statements on the database. In the past,
hackers have used injection attacks to:
Extract sensitive information, like Social Security numbers or credit card details.
Enumerate the authentication details of users registered on a website, so these logins can be used in attacks on other sites.
Delete data or drop tables, corrupting the database and making the website unusable.
Inject further malicious code to be executed when users visit the site.
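
The login bypass mentioned above is possible when the query is built by joining user input into the SQL text. As an added example (not code from the original page), this Python sketch uses the standard `sqlite3` module to run a concatenated login query and a parameterized one on the same inputs. The `users` table, the account values and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; the "hashes" are placeholders, not real hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, password_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [
        ("user@example.com", "hash-of-real-password"),
        ("o'brien@example.com", "other-hash"),
    ])
    return db

def login_concatenated(db, email, password_hash):
    # Vulnerable: input becomes part of the SQL text, so a quote character
    # in it can end the string literal and change the statement's logic.
    sql = ("SELECT email FROM users WHERE email = '" + email +
           "' AND password_hash = '" + password_hash + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, email, password_hash):
    # Hardened: the statement is fixed; values are bound separately and are
    # only ever compared as data.
    sql = "SELECT email FROM users WHERE email = ? AND password_hash = ?"
    return db.execute(sql, (email, password_hash)).fetchone() is not None

def compare(email, password_hash):
    # Run both versions on the same input; report a SQL error as "error".
    db = make_db()
    try:
        concatenated = login_concatenated(db, email, password_hash)
    except sqlite3.OperationalError:
        concatenated = "error"
    return concatenated, login_parameterized(db, email, password_hash)

if __name__ == "__main__":
    cases = [
        ("user@example.com", "hash-of-real-password"),  # correct credentials
        ("user@example.com", "wrong"),                  # wrong credentials
        ("user@example.com", "' OR '1'='1"),            # crafted input
        ("o'brien@example.com", "other-hash"),          # legitimate apostrophe
    ]
    for email, pw in cases:
        print(email, repr(pw), compare(email, pw))
```

The last case shows that concatenation also breaks on legitimate input containing an apostrophe, which makes a useful regression check when searching a codebase for queries built this way.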