Questions about this topic? Sign up to ask in the talk tab.
Difference between revisions of "Category:SQL injection"
From NetSec
(Created page with "<br />") |
|||
| Line 1: | Line 1: | ||
| − | + | '''[[SQL]] injection''' is a method of [[Web Exploitation|exploiting web applications]] performed over [[HTTP|'''http''' or '''https''']] to compromise the underlying [[Databasing engine|database engine]] supporting dynamic content for the [[Web applications|web application]] itself. Successful exploitation of an [[SQL]] injection [[Vulnerability|vulnerability]] can result in the attacker gaining unfettered access to the [[Database|database]] and can lead to further [[Privilege escalation|privilege escalation]]. | |
| + | |||
| + | '''Typically, databases include things like (but not limited to):''' | ||
| + | * [[Authentication credential]]s | ||
| + | * Other identifying information about a user (like an [[IP address]]) | ||
| + | * Site configurations | ||
| + | * Site content and themes | ||
| + | * Communications between users within the site | ||
| + | |||
| + | {{prereq|[[SQL]] and [[SQL Orientation|manipulation of SQL data]]}} | ||
Revision as of 18:44, 19 November 2012
SQL injection is a method of exploiting web applications performed over http or https to compromise the underlying database engine supporting dynamic content for the web application itself. Successful exploitation of an SQL injection vulnerability can result in the attacker gaining unfettered access to the database and can lead to further privilege escalation.
Typically, databases include things like (but not limited to):
- Authentication credentials
- Other identifying information about a user (like an IP address)
- Site configurations
- Site content and themes
- Communications between users within the site
| SQL injection requires a basic understanding of SQL and manipulation of SQL data |
This category currently contains no pages or media.
