SQL Injection (SQLi) is an injection attack in which an attacker can execute malicious SQL statements that control the database server behind a web application (also known as a Relational Database Management System, or RDBMS). Because an SQL Injection vulnerability could affect any website or web application that uses an SQL-based database, it is one of the oldest, most frequent, and most dangerous web application vulnerabilities.
Given the right circumstances, an attacker can use a SQL Injection vulnerability to bypass a web application's authentication and authorization mechanisms and retrieve the contents of an entire database. SQL Injection can also be used to add, modify and delete records in a database, affecting the integrity of the data.
SQL Injection can provide an attacker with unauthorized access to sensitive data including customer data, personally identifiable information (PII), trade secrets, intellectual property and other sensitive information.
SQL Injection is a code injection technique used to attack data-driven applications, in which nefarious SQL statements are inserted into an input field for execution (for example, to dump the contents of the database to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example when user input is incorrectly filtered for string literal escape characters embedded in SQL statements, or when user input is not strongly typed and is unexpectedly executed. SQL injection is primarily known as an attack vector for websites but can be used to attack any type of SQL database.
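The two causes named above (unfiltered string-literal quotes and input that is not strongly typed), each shown beside its hardened form. This is an added example, not code from the original page; the `users` table, its rows, the function names and the sample inputs are constructed for illustration, using Python's built-in `sqlite3` module.

```python
import sqlite3

def make_db():
    """Constructed in-memory sample data (hypothetical table and rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    db.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db

def login_vulnerable(db, name, password):
    # Weak: input is pasted into the statement, so a quote character in the
    # input ends the string literal and the remainder is parsed as SQL.
    sql = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_safe(db, name, password):
    # Hardened: placeholders bind input as data; it is never parsed as SQL.
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone()[0] > 0

def names_by_id_vulnerable(db, user_id):
    # Weak: a value expected to be numeric is used without a type check.
    sql = "SELECT name FROM users WHERE id = " + user_id + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def names_by_id_safe(db, user_id):
    # Hardened: enforce the expected type (int() raises ValueError on
    # anything that is not a plain integer), then bind the value.
    sql = "SELECT name FROM users WHERE id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (int(user_id),))]

if __name__ == "__main__":
    db = make_db()
    quoted = "' OR '1'='1"  # constructed input containing string-literal quotes
    print("concatenated login:", login_vulnerable(db, "alice", quoted))
    print("parameterized login:", login_safe(db, "alice", quoted))
    print("untyped id lookup:", names_by_id_vulnerable(db, "1 OR 1=1"))
    try:
        names_by_id_safe(db, "1 OR 1=1")
    except ValueError as exc:
        print("typed id lookup rejected input:", exc)
```

The hardened functions never build SQL from input, so no escaping routine is needed; the type check in `names_by_id_safe` additionally rejects malformed input before it reaches the database.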
SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation problems such as voiding transactions or changing balances, disclose all data on the system, destroy data, or take control of the database server. In a 2012 study, it was noted that the average web application received 4 attack campaigns per month, and retailers received twice as many attacks as other industries.