SQL Injection Attacks and Their types | Insecure

Page 1

SQL INJECTION ATTACKS AND THEIR TYPES

SQL INJECTION (SQLI) IS A TYPE OF CYBER ATTACK THAT EXPLOITS VULNERABILITIES IN WEB APPLICATIONS THAT USE STRUCTURED QUERY LANGUAGE (SQL). IT INVOLVES INJECTING MALICIOUS SQL CODE INTO A WEBSITE OR APPLICATION TO MANIPULATE THE DATABASE AND GAIN UNAUTHORIZED ACCESS TO SENSITIVE DATA.

IN-BAND (CLASSIC) SQL INJECTION

This type of attack is the most common and involves using the samechanneltoinjectmalicious SQL code and retrieve the results

INFERENTIAL (BLIND) SQL INJECTION

Inthistypeofattack,theattacker doesnotreceiveanyfeedback fromtheapplicationaboutthe successorfailureoftheattack, makingitmoredifficulttodetect.

OUT-OF-BAND SQL INJECTION

This type of attack involves using a different channel, such asemailorDNS,toretrievethe resultsoftheattack.

www.insecure.in

Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.