9 SQL INJECTION


When a vulnerability on a database-backed site allows an attacker to query or attack the site’s database using SQL (Structured Query Language), it is known as a SQL injection (SQLi). Often, SQLi attacks are highly rewarded because they can be devastating: attackers can manipulate or extract information or even create an administrator login for themselves in the database.

SQL Databases

Databases store information in records and fields contained in a collection of tables. Tables contain one or more columns, and a row in a table represents a record in the database.

Users rely on SQL to create, read, update, and delete records in a ...
