Home News Tech

What is SQL Injection

By Admin
Updated: min read
Table of Contents
What is SQL Injection

On this occasion I will discuss the meaning of sql injection, for those of you who are in the field of hacking, maybe you are already familiar with this technique, but what about those who are still laymen or who just want to be involved in the world of hacking? well that's why I wrote this article, so please see it directly.

SQL (Structured Query Language) is a language used to query, operate and manage database systems. The use of sql in general in all database systems is the same, but there are some differences specific to each database system.


Definition of SQL Injection

SQL Injection is a technique that exploits a security hole in an application's database, so when a user makes input, but by the system the user input character is not filtered correctly which will result in an sql gap. a simple example in the username and password column, the user should only be able to enter letters and numbers, but if it has a sql gap then the user can enter characters like - "= so that the user can enter the sql query to see the contents of the database.

SQL Injection is still the favorite hacking technique used by attackers, SQL Injection is quite easy to do because there are still many websites out there that have this security hole and there are still many developers who are not aware of this gap. In general, the effects of this SQL Inejction are:

  • Allows attackers to enter the application with admin rights without using the application admin account.
  • Allows the attacker to change, add, delete data in the database
  • Allows the attacker to shut down the database


The Aim of the Sql Injection Attack

Bypass Authentication

This technique allows the attacker to bypass the login or enter the system with administrative rights without having to have a valid username and password.

Information Theft

This technique allows the attacker to get sensitive information on the database such as login password username, client user data, client personal data etc.

Compromised Data Integrity

The attacker can make changes to the database, with this technique the attacker can deface or enter dangerous content

Compromised Data Availability

This technique allows the attacker to delete information in the database in order to destroy logs or audit information in the database

Remote Command Execution

Allows an attacker to perform an executable command via the database to be executed on the server operating system