What is Sql Injection ?

SQL injection is nothing, just a failure to prevent the applications (web or software) database structure consistent. SQL injection is one of the most common and dangerous security threat in the software and web industry. SQL injections are dangerous because they are a open your close windows to hackers to enter in your system and perform whatever they want Ex: delete tables, exposing your users information's, modify databases etc.

SQL injection is not because of web hosting providers weak security system, SQL injection is a programming based issue, and it has nothing to do with Web hosting providers. It's completely a programmatic issue i.e programmer has forgot to handle the strings properly in its application or sometimes doesn't handled the dynamic queries and its variables correctly. Let me explain this in detail how SQL injection or any other web or application injection attack works?

Why SQL injection attacks occurs so frequently?

The answer is quite simple, SQL is most popular language for database management and all know, popularity makes drives risks. More people know the things, more vulnerabilities can be discovered. But this is partially true in case of SQL injection. I can understand sometimes loop hole or bug lies with the programming language but most of times its because of lack of sufficient knowledge. Most of us and programmers or web developers that suffers most are self learners.

What a hacker can do with SQL Injection attack ?

* ByPassing Logins
* Accessing secret data
* Modifying contents of website
* Shutting down the My SQL server

Basic Ex : If you got vulnerabilities on a site and want to login ,

www.himstar.info

You should put

a' or '1=1

in the field of user name and password like below image :

www.himstar.info

And happen like charm ! we got access.

www.himstar.info

In Next Tutorial We Discuss In Brief About SQL Attacks & Prevention.

Himanshu is a young engineer living in India. Currently working at Cognizant as a Senior Engineer. He is an ethical hacker & blogger too, doing lots of crazy stuff... If you seem interesting, go through his portfolio: www.himstar.info : "Open Source. Millions of open minds can't be wrong!

6 comments: On What is Sql Injection ?

Leave a reply:

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Site Footer

Sliding Sidebar

We are India’s largest Startup Community


We are team of ' Delhi Startups ' , most active startup community with strict spam policy.
We are making !deas happen..for future, business and jobs without charging anything, with connecting entrepreneurs.. It's a reason to trust on us.
Come and join or subscribe, we will defiantly give a reason to like us.

Our Facebook Page