DDoSPedia

An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

Security Research Center

SQL Injection

SQL injection is an attack on web applications that exploits poor application coding: user input is not sanitized, so it can change what the application does. SQL injection is the best-known type of injection attack, a family that also includes LDAP and XML injection. The idea behind a SQL injection is to modify an application's SQL (database language) query in order to read or modify data without authorization, or to run malicious programs. Most web applications rely on a database in which the application data is stored and accessed through SQL queries, so modifying these queries can mean taking control of the application. An attacker could, for example, gain administrator access to the application database, run remote commands on the server, or drop or create objects in the database.

For instance, the SQL query below, which aims at authenticating users, is common in web applications:

myQuery = "SELECT * FROM userstable WHERE username = 'userinput1' and password = 'userinput2';"

- Replacing userinput1 by ' OR 1=1 -- would grant the attacker access without knowing a real username and password, because the condition "1=1" is always true and the rest of the query is ignored after the comment marker (-- in our case).

- Replacing userinput1 by ' OR 1=1; DROP TABLE userstable; -- would additionally drop the application users table, provided the database and its driver accept several statements in one query.
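The login query above, rebuilt as an added example (not code from the DDoSPedia page) against a constructed in-memory SQLite table: the concatenated version accepts the ' OR 1=1 -- input, while the same query with bound parameters rejects it because the input is never parsed as SQL.

```python
import sqlite3


def make_db():
    # Constructed sample database standing in for the application's userstable.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE userstable (username TEXT, password TEXT)")
    conn.execute("INSERT INTO userstable VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Builds the query by string concatenation, exactly like myQuery above:
    # the input becomes part of the SQL text, so a quote closes the literal
    # and "--" comments out the password check.
    query = ("SELECT * FROM userstable WHERE username = '" + username +
             "' and password = '" + password + "';")
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password):
    # Same query, but the values are bound parameters: the database receives
    # them as data, so ' OR 1=1 -- is just an unknown username string.
    query = "SELECT * FROM userstable WHERE username = ? and password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def demo():
    # Runs both versions with valid credentials and with the injected input.
    conn = make_db()
    payload = "' OR 1=1 --"
    return {
        "vuln_valid": login_vulnerable(conn, "alice", "s3cret"),
        "vuln_injected": login_vulnerable(conn, payload, "anything"),
        "param_valid": login_parameterized(conn, "alice", "s3cret"),
        "param_injected": login_parameterized(conn, payload, "anything"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'authenticated' if ok else 'rejected'}")
```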
