Many web developers are unaware of how SQL queries can be tampered with, and assume that an SQL query is a trusted command. This means that SQL queries can circumvent access controls, bypassing standard authentication and authorization checks, and sometimes even allow access to host operating system level commands.
Direct SQL Command Injection is a technique where an attacker creates or alters existing SQL commands to expose hidden data, override valuable data, or even execute dangerous system-level commands on the database host. This happens when the application takes user input and combines it with static parameters to build an SQL query. The following examples are, unfortunately, based on true stories.
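To make the "user input combined with static parameters" pattern concrete, here is an added example (written for this page, not code from the original post) that builds the same lookup two ways against a constructed in-memory SQLite table of users, so the difference in returned rows can be checked directly:

```python
import sqlite3


def make_db():
    # Constructed sample data standing in for the application's user table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, name):
    # The pattern described above: user input spliced into a static query string.
    # The database cannot tell where the developer's SQL ends and the input begins,
    # so a quote character in the input changes the meaning of the WHERE clause.
    query = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn, name):
    # Placeholder binding: the driver passes the value separately from the SQL text,
    # so the input is only ever compared as data and never parsed as SQL.
    query = "SELECT name FROM users WHERE name = ? ORDER BY name"
    return [row[0] for row in conn.execute(query, (name,))]


# Constructed inputs: a benign name and one carrying a quote that alters the query.
BENIGN = "bob"
TAMPERED = "x' OR '1'='1"


def demo():
    conn = make_db()
    return {
        "benign_vuln": lookup_vulnerable(conn, BENIGN),
        "tampered_vuln": lookup_vulnerable(conn, TAMPERED),   # every row leaks
        "benign_safe": lookup_parameterized(conn, BENIGN),
        "tampered_safe": lookup_parameterized(conn, TAMPERED),  # no such user: []
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

The same input that returns every user from the concatenated query returns nothing from the parameterized one, which is the check to apply when reviewing any query built from request data.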
[Figure: Secure website, 81 test SQL injections have been blocked.]
[Figure: Website vulnerable, all SQL injections pass through.]