SQL injection is the most common threat to database systems. It leads to the loss of highly secured or confidential data. It is nothing but unauthorized access to data systems or accounts.
The following are the risks associated with SQL Injection:
- Bypassing Authentication:
It is most important to focus on authentication bypass during a penetration test, because the attacker can access the database just like an authorized user and perform any task he wants on it.
- Identifying Injectable Parameters:
The attacker collects information about the structure of the back-end database of a web application and injects dynamic content into the website. This may lead visitors to install malicious code, or redirect them to a malicious site.
- Executing Remote Commands:
Remote command execution gives attackers a tool to execute arbitrary commands on the database.
For example, a remote user can execute stored database procedures and functions from a remote SQL interactive interface.
- Denial of Service:
The attacker can flood the server with requests so that he is able to stop the service for valid users, or he can delete some data.
- Database Fingerprinting:
The attacker can determine the type of database used in the back end so that he can use database-specific attacks that correspond to weaknesses in a particular DBMS.