omnisecu.com free mcse ccna rhce linux java learning  
Home Knowldege Base FAQ Contact Us Sitemap
omnisecu.com free mcse ccna rhce linux java learning  
omnisecu.com free mcse ccna rhce linux java learning
Home » Knowledge Base » Security » SQL Injection Attacks
 

SQL Injection Attacks

 

SQL injection attack is another type of attack to exploit applications that use client-supplied data in SQL statements. Here malicious code is inserted into strings that are later passed to database application for parsing and execution. The common method of SQL injection attack is direct insertion of malicious code into user-input variables that are concatenated with SQL commands and executed. Another type of SQL injection attack injects malicious code into strings and are stored in tables. An SQL injection attack is made later by the attacker.

Following example shows the simplest form of SQL injection.

var UserID;
UserID = Request.form ("UserID");
var InfoUser = "select * from UserInfo where UserID = '" + UserID + "'";

If the user fills the field with correct information of his UserID (F827781), after the script execution the above SQL query will look like

SELECT * FROM UserInfo WHERE UserID = 'F827781'

Consider a case when a user fills the field with the below entry.

F827781; drop table UserInfo--

After the execution of the script, the SQL code will look like

SELECT * FROM UserInfo WHERE UserID = ' F827781';drop table UserInfo--

This will ultimately result in deletion of table UserInfo.

 
 
eXTReMe Tracker
back
next
 
Disclaimer | Feed Back | Trademarks | Knowledge Base | FAQ | Sitemap | Downloads
Copyright 2010 ©OmniSecu.com... Free Networking Tutorials, Free System Administration Tutorials and Free Security Tutorials