SQL Injection
Vulnerabilities 🚨
•
Difficulty: free
Definition
SQL Injection is a web security vulnerability that allows attackers to manipulate a website’s database by injecting malicious SQL queries.
Examples
- An attacker enters `' OR '1'='1` into a login field to bypass authentication.
- A search box fails to sanitize user input, allowing an attacker to retrieve all entries in the database.
Overview
SQL Injection is one of the most well-known and dangerous web application vulnerabilities. It occurs when user input is improperly handled and passed directly into an SQL query, allowing an attacker to interfere with the application’s communication with its database. Successful attacks can lead to unauthorized data access, data modification, or even full system compromise depending on the privileges assigned to the database account.
Tip: The interactive version includes progress tracking, decks, and premium deep dives.