SQL Injection Detection & Defeating Tools
Author(s):
kartik rai
Keywords:
introduction, SQL Injection Attacks, URL filter, Web Application Vulnerability Scanner
Abstract
SQL injection is a form of attack that takes advantage of applications that generate SQL queries using user-supplied data without first checking or pre-processing it to verify that it is valid. The objective is to deceive the database system into running malicious code that will reveal sensitive information or otherwise compromise the server. By modifying the expected Web application parameters, an attacker can submit SQL queries and pass commands directly to the database. Many webpages take input from users, such as search terms, feedback comments or username and password, and use them to build a SQL query which is passed to the database. If these inputs are not validated, there is nothing to stop an attacker inputting malicious code, for example, that could instead instruct the database to delete a specific table of client records. Getting the SQL syntax right is not necessarily so simple and may require a lot of trial and error, but by adding additional conditions to the SQL statement and evaluating the Web application's output, an attacker can eventually determine whether, and to what extent, an application is vulnerable to SQL injection. If the code achieves an immediate result, it is an example of a first-order attack. If the malicious input is stored in a database to be retrieved and used later, such as providing input to a dynamic SQL statement on a different page, it is referred to as a second-order attack. Second-order attacks can be very successful because once data is in a database it is often deemed to be clean and so is not revalidated prior to use.
Article Details
Unique Paper ID: 142677

Publication Volume & Issue: Volume 2, Issue 6

Page(s): 90 - 93
Article Preview & Download


Share This Article

Conference Alert

NCSST-2021

AICTE Sponsored National Conference on Smart Systems and Technologies

Last Date: 25th November 2021

SWEC- Management

LATEST INNOVATION’S AND FUTURE TRENDS IN MANAGEMENT

Last Date: 7th November 2021

Go To Issue



Call For Paper

Volume 9 Issue 10

Last Date for paper submitting for March Issue is 25 March 2023

About Us

IJIRT.org enables door in research by providing high quality research articles in open access market.

Send us any query related to your research on editor@ijirt.org

Social Media

Google Verified Reviews

Contact Details

Telephone:6351679790
Email: editor@ijirt.org
Website: ijirt.org

Policies