What is SQL Injection


SQL Injection

Vulnerable computer systems and applications:

Web pages, network applications.

Description:

SQL Injection is a common way to take over web pages and programs that work with databases. The attack is based on inserting specific SQL code into a query. Depending on the database management system and other conditions, such a query may allow an attacker to:

  • Read the contents of the tables;
  • Remove, change, and add data to a table;
  • Read (write) files on the server that is being attacked;
  • Execute commands on the attacked server.

 

Recommendations:

  • Ensure high-quality programming of information systems;
  • Filter the string and numeric values that go into SQL queries.