What is SQL Injection
SQL Injection
Vulnerable computer systems and applications:
Web pages, network applications.
Description:
SQL Injection is a common way to take over web pages and programs that work with databases. The attack is based on inserting specific SQL code into a query. Depending on the database management system and other factors, such a query may allow an attacker to:
- Read the contents of the tables;
- Remove, change, and add data to a table;
- Read (write) files on the server that is being attacked;
- Execute commands on the attacked server.
Recommendations:
- Ensure high-quality programming of information systems;
- Filter the strings and numbers that are placed into SQL queries.