Wednesday, October 24, 2007

SQL Injection

What is the SQL Injection?

SQL injection is a technique that exploits a security vulnerability in the database layer of an application.
The vulnerability exists when user input is not correctly filtered for string literals and escape characters such as <, >, ", ', \ and & before it is embedded in an SQL statement.
SQL injection occurs when such unfiltered input is passed into an SQL statement: the special characters change the meaning of the statement, so the end user can manipulate the statements that are executed against the database.

Example:
SQL statement
"SELECT * FROM userinformation WHERE name = '" + userName + "';"
This statement is built to look up a user by name.

If the user provides s' or 'm'='m as the username,

the new statement becomes
"SELECT * FROM userinformation WHERE name = 's' or 'm'='m';"
The WHERE clause now has two conditions joined by OR; because 'm'='m' is always true, the statement matches every row instead of only the named user.
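The following Python script is an added example, not code from the original post. It recreates the lookup above against an in-memory SQLite table named userinformation filled with three constructed sample rows, runs the concatenated statement with the s' or 'm'='m input to show that every row comes back, and then runs the same lookup with a bound parameter, where the input is treated as plain data and matches nothing.

```python
import sqlite3

# Constructed sample data (not from the original post): three users.
SAMPLE_USERS = [("alice",), ("bob",), ("carol",)]


def make_db():
    """Build an in-memory SQLite database with a userinformation table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE userinformation (name TEXT)")
    conn.executemany("INSERT INTO userinformation (name) VALUES (?)", SAMPLE_USERS)
    conn.commit()
    return conn


def build_vulnerable_query(user_name):
    """The string concatenation from the post: the input is spliced into the SQL text."""
    return "SELECT * FROM userinformation WHERE name = '" + user_name + "';"


def lookup_vulnerable(conn, user_name):
    """Run the concatenated statement. Returns the list of matching names."""
    rows = conn.execute(build_vulnerable_query(user_name)).fetchall()
    return [r[0] for r in rows]


def lookup_parameterized(conn, user_name):
    """Same lookup with a bound parameter: the driver never interprets the input as SQL."""
    rows = conn.execute(
        "SELECT * FROM userinformation WHERE name = ?", (user_name,)
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    injected = "s' or 'm'='m"
    print("Statement sent to the database:")
    print("  " + build_vulnerable_query(injected))
    print("Concatenated query returns:", lookup_vulnerable(db, injected))
    print("Parameterized query returns:", lookup_parameterized(db, injected))
```

The concatenated version prints all three names because the WHERE clause has become `name = 's' or 'm'='m'`; the parameterized version prints an empty list because the whole string, quote included, is compared against the name column as a literal value. Binding parameters this way is the fix to apply wherever user input reaches SQL text.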
