These attacks occur when the hacker uses specially crafted SQL questions or commands to execute malicious activities on the victim system. This weakness exists when there is no validation of input when a database query is made via the Internet. The worst thing is that SQL attacks, like most other input validation attacks, can be executed easily through a browser. Most Web sites on the Net rely heavily on the safety of their online database information. Naturally, any breath in their security would lead to damage in the form of financial loss, customer dissatisfaction, or possible law suits etc.
Obviously, the first step for a SQL injection attack is to find a vulnerable target. Attackers would be on the alert for online, forms, such as login prompts, search enquiries, guest books, feedback forms, and so on, through which users submit data to the remote system. Another potential target would be any reference to dynamic pages or scripts, like ASP, PHP, CGI, and their like. The following HTML code is a vulnerable target for a SQL injection attack because it lets the user submit information and also refers to an ASP file:
<form action="script/login.asp" method="post" name="LoginForm">
<input value="text" name="username" value="username"></input>
<input value="password"= name="password" value="password"></password>
</form>
Uncovering illegitimate records, bypassing security features and carrying our malicious codes on the remote victim system are all possible for an attacker who has located a vulnerable SQL server. The most common examples, of SQL injection attacks are examined in the following sections. It should always be kept in mind, however, that there are a larger number of such attacks.
Obviously, the first step for a SQL injection attack is to find a vulnerable target. Attackers would be on the alert for online, forms, such as login prompts, search enquiries, guest books, feedback forms, and so on, through which users submit data to the remote system. Another potential target would be any reference to dynamic pages or scripts, like ASP, PHP, CGI, and their like. The following HTML code is a vulnerable target for a SQL injection attack because it lets the user submit information and also refers to an ASP file:
<form action="script/login.asp" method="post" name="LoginForm">
<input value="text" name="username" value="username"></input>
<input value="password"= name="password" value="password"></password>
</form>
Uncovering illegitimate records, bypassing security features and carrying our malicious codes on the remote victim system are all possible for an attacker who has located a vulnerable SQL server. The most common examples, of SQL injection attacks are examined in the following sections. It should always be kept in mind, however, that there are a larger number of such attacks.
0 comments:
Post a Comment