Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "Category:SQL injection"

From NetSec
Jump to: navigation, search
(Created page with "<br />")
 
Line 1: Line 1:
<br />
+
'''[[SQL]] injection''' is a method of [[Web Exploitation|exploiting web applications]] performed over [[HTTP|'''http''' or '''https''']] to compromise the underlying [[Databasing engine|database engine]] supporting dynamic content for the [[Web applications|web application]] itself.  Successful exploitation of an [[SQL]] injection [[Vulnerability|vulnerability]] can result in the attacker gaining unfettered access to the [[Database|database]] and can lead to further [[Privilege escalation|privilege escalation]].
 +
 
 +
'''Typically, databases include things like (but not limited to):'''
 +
* [[Authentication credential]]s
 +
* Other identifying information about a user (like an [[IP address]])
 +
* Site configurations
 +
* Site content and themes
 +
* Communications between users within the site
 +
 
 +
{{prereq|[[SQL]] and [[SQL Orientation|manipulation of SQL data]]}}

Revision as of 17:44, 19 November 2012

SQL injection is a method of exploiting web applications performed over http or https to compromise the underlying database engine supporting dynamic content for the web application itself. Successful exploitation of an SQL injection vulnerability can result in the attacker gaining unfettered access to the database and can lead to further privilege escalation.

Typically, databases include things like (but not limited to):

  • Authentication credentials
  • Other identifying information about a user (like an IP address)
  • Site configurations
  • Site content and themes
  • Communications between users within the site
SQL injection requires a basic understanding of SQL and manipulation of SQL data


This category currently contains no pages or media.