SQL Injection Attack

SQL Injection Attack

Author Name : Monika Anand, Pooja Nagpal

ABSTRACT: SQL injection is a specialized form of input validation that attempts to manipulate the application’s database by issuing raw SQL statements. A SQLIA vulnerability is a type of security hole that is found in a multi-tiered application; it is where an attacker can trick a database server into running an arbitrary, unauthorized, unintended SQL query by piggybacking extra SQL elements on top of an existing, predefined query that was intended to be executed by the application. The application, which is generally, but not necessarily, a web application, accepts user input and embeds this input inside an SQL query. This query is sent to the application’s database server where it is executed. By providing certain malformed input, an attacker can manipulate the SQL query in such a way that its execution will have unintended consequences.