SQL injection is nothing, just a failure to prevent the applications (web or software) database structure consistent. SQL injection is one of the most common and dangerous security threat in the software and web industry. SQL injections are dangerous because they are a open your close windows to hackers to enter in your system and perform whatever they want Ex: delete tables, exposing your users information's, modify databases etc.
SQL injection is not because of web hosting providers weak security system, SQL injection is a programming based issue, and it has nothing to do with Web hosting providers. It's completely a programmatic issue i.e programmer has forgot to handle the strings properly in its application or sometimes doesn't handled the dynamic queries and its variables correctly. Let me explain this in detail how SQL injection or any other web or application injection attack works?
Why SQL injection attacks occurs so frequently?
The answer is quite simple, SQL is most popular language for database management and all know, popularity makes drives risks. More people know the things, more vulnerabilities can be discovered. But this is partially true in case of SQL injection. I can understand sometimes loop hole or bug lies with the programming language but most of times its because of lack of sufficient knowledge. Most of us and programmers or web developers that suffers most are self learners.
What a hacker can do with SQL Injection attack ?
* ByPassing Logins
* Accessing secret data
* Modifying contents of website
* Shutting down the My SQL server
Basic Ex : If you got vulnerabilities on a site and want to login ,
You should put
a' or '1=1
in the field of user name and password like below image :
And happen like charm ! we got access.
In Next Tutorial We Discuss In Brief About SQL Attacks & Prevention.