What is SQL injection?

Discussion in 'other firewalls' started by phantumdude, Sep 16, 2007.

Thread Status:
Not open for further replies.
  1. phantumdude

    phantumdude Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    5
    Hi all. I wanna know what an SQL injection is. Is it a type of attack?
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
  3. phantumdude

    phantumdude Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    5
    Actually I'm having a doubt whether SQL injection means altering the contents of the database. Is there a possibility of any intruder changing the contents of a public database server? For example, changing the contents of the webpage hosted by me?
     
  4. kenshi

    kenshi Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    18
    Location:
    New York
    Yes, and I think you are referring to the following kind of attack.

    Assume you have the following URL:

    http://www.mydomain.com/products/products.asp?productid=123

    It is safe to assume that the "productid" parameter is a key to some record in a database. A hacker will then replace "123" with SQL logic that could either return private data or corrupt databases. The hackers are hoping that the web developer is not checking to see if the productid has a valid entry.

    See the following URL for more info

    http://www.imperva.com/application_defense_center/glossary/sql_injection.html
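
The missing check kenshi describes, shown as an added example that is not part of any post in this thread: a lookup that pastes "productid" into the query text, beside one that validates the value and binds it as a parameter. It uses Python with an in-memory SQLite database rather than the ASP page from the URL; the table layout, sample rows and function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: one published and one unpublished product.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products "
               "(id INTEGER PRIMARY KEY, name TEXT, published INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [(123, "Widget", 1), (124, "Unreleased gadget", 0)])
    return db

def lookup_vulnerable(db, productid):
    # The request value becomes part of the SQL text, so the database
    # parses whatever it contains as SQL.
    sql = "SELECT name FROM products WHERE published = 1 AND id = " + productid
    return [row[0] for row in db.execute(sql)]

def lookup_safe(db, productid):
    # 1. Check that productid is a valid entry: ASCII digits, bounded length.
    if not (productid.isascii() and productid.isdigit() and len(productid) <= 9):
        raise ValueError("productid must be a positive integer")
    # 2. Bind the value as a parameter so it is only ever treated as data.
    sql = "SELECT name FROM products WHERE published = 1 AND id = ?"
    return [row[0] for row in db.execute(sql, (int(productid),))]

if __name__ == "__main__":
    db = make_db()
    # Constructed request values: a normal id and one carrying SQL logic.
    for value in ("123", "123 OR 1=1"):
        print(repr(value), "vulnerable ->", lookup_vulnerable(db, value))
        try:
            print(repr(value), "safe       ->", lookup_safe(db, value))
        except ValueError as err:
            print(repr(value), "safe       -> rejected:", err)
```

With the second value the vulnerable lookup also returns the unpublished row, because the appended condition is evaluated as part of the WHERE clause; the safe lookup rejects it before any query runs.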
     