SQL Injection: If you are vulnerable to SQL Injection, attackers can run arbitrary commands against your database.
SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).[1][2] SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.
References: https://www.hacksplaining.com/exercises/sql-injection#/start
Written by Le Tuan Khoi
Having experience of 15+ years in the Software Industry and worked with Fortune 500 companies in consulting roles in 2020, Samar Patel has joined QKIT Softwarebeen using his creative vision and excellent insight into company management to enhance operations as the Chief Operations Officer (COO) of QKIT Software. Upon taking over the position, Samar started in the field of leadership at an early age, taking on multiple leadership roles in various large scale to stealth startups.
Nguyen Phu Quy
Nguyen Vinh Khanh
Le Tuan Khoi
