SQL Injection Attack explained!

July 11, 2010

We need a medic here!

According to OWASP, a SQL injection attack consists of the insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and, in some cases, issue commands to the operating system. Some days ago, Pirate Bay was hacked by an SQL Injection Attack.

So let me explain how an SQL Injection Attack occurs by using an example. We have a website which allows users to post their high scores for a game.

A form for a user to enter Name and Score
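The high-score form described above, as an added example that is not from the original post: it stores the same submitted Name and Score once through a query built by string formatting and once through a parameterized query. The `scores` table, its columns, the function names and the form values are assumptions constructed for illustration.

```python
import sqlite3

def new_db():
    # Assumed schema for the high-score site (not from the original post).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE scores (name TEXT, score INTEGER)")
    return db

def save_score_vulnerable(db, name, score):
    # Vulnerable: form values are pasted into the SQL text, so a quote in
    # `name` ends the string literal and the rest is parsed as SQL.
    sql = "INSERT INTO scores (name, score) VALUES ('%s', %s)" % (name, score)
    db.execute(sql)
    return sql

def save_score_parameterized(db, name, score):
    # Hardened: the statement text is fixed; values are bound as data.
    # int() also rejects a Score field that is not a number.
    db.execute("INSERT INTO scores (name, score) VALUES (?, ?)",
               (name, int(score)))

def rows(db):
    return db.execute("SELECT name, score FROM scores").fetchall()

def demo():
    # Constructed form input: the Name field carries SQL syntax.
    name, score = "mallory', 999999) --", "10"
    bad, good = new_db(), new_db()
    save_score_vulnerable(bad, name, score)
    save_score_parameterized(good, name, score)
    return rows(bad), rows(good)

def apostrophe_breaks_vulnerable():
    # Even an ordinary name with an apostrophe breaks the concatenated
    # query, which is a quick sign that input reaches the SQL parser.
    try:
        save_score_vulnerable(new_db(), "O'Brien", "10")
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    vulnerable_rows, safe_rows = demo()
    print("string-built query stored:", vulnerable_rows)
    print("parameterized query stored:", safe_rows)
    print("apostrophe causes SQL error:", apostrophe_breaks_vulnerable())
```

In the string-built version the stored score is the one smuggled in through the Name field, not the submitted Score; in the parameterized version the whole Name value is stored as text and the score stays 10.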
