SQL injections are an attack form on the Internet that make use of security vulnerabilities in the database layer of an application. Its source is the incorrect escaping of dynamically-generated string literals embedded in SQL statements. It is in fact an instance of a more general class of vulnerabilities that can occur whenever a programming or scripting language is embedded inside another.
So, it basically may give you options to manipulate the database of the service or retrieve information from it, something which no one without proper authorization should be able to do. It is therefore or utmost importance that web developers protect their applications against this attack from by making sure that everything is properly escaped.
SQL Injection Attacks by Example gives you a detailed view how experts used the technique to break into systems of companies that hired them to perform security tests on company networks or properties.
There have been other papers on SQL injection, including some that are much more detailed, but this one shows the rationale of discovery as much as the process of exploitation.
The example addresses provides you with the following information and examples.
A customer asked that we check out his intranet site, which was used by the company's employees and customers. This was part of a larger security review, and though we'd not actually used SQL injection to penetrate a network before, we were pretty familiar with the general concepts. We were completely successful in this engagement, and wanted to recount the steps taken as an illustration.
This step by step guide can be useful in getting a basic understanding on how security experts analyze a network, website or computer system. In this instance, it details how a security company successfully managed to gain access using SQL injections. The chapter about mitigating the attack can be especially helpful to system and web administrators to learn about ways to protect their properties against the attack form.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.