Tuesday, November 17, 2015

SQL Injection

SQL injection is simply the act of injecting your own, home-brewed SQL commands into an existing web script, allowing you to manipulate the database however you wish. There are different ways to use SQL injection:

Bypassing log-in verification
Adding a new Admin account
Lifting passwords
Lifting credit card information
Accessing any and every part of the database

Of course, these will only work if the SQL used in the website is vulnerable. An example is a log-in script that simply takes the username and password input (without filtering it) and compares it with the user's values from its database in order to check the input's validity. This might seem like a really simple-minded way of authenticating log-in credentials, but real programmers use it in real-world scenarios. Don't ask us why.
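The log-in check described above, next to its parameterized form, as an added example that is not code from the original post. The table layout, function names and sample account are assumptions made for illustration, and the data lives in an in-memory SQLite database.

```python
import hmac
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data: one account in an in-memory database.
    # The password is stored in plaintext only to keep the focus on how the
    # query is built; a real table stores a salted password hash instead.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", "correct horse"))
    return db


def login_vulnerable(db: sqlite3.Connection, name: str, password: str) -> bool:
    # The pattern the post describes: unfiltered input is pasted into the SQL
    # text, so a quote character in the input ends the string literal and the
    # rest of the input is parsed as part of the statement.
    query = ("SELECT 1 FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None


def login_parameterized(db: sqlite3.Connection, name: str, password: str) -> bool:
    # The statement text is fixed; the driver binds the input as a value, so
    # quotes in it are compared literally and never parsed as SQL.
    row = db.execute(
        "SELECT password FROM users WHERE name = ?", (name,)
    ).fetchone()
    if row is None:
        return False
    # Constant-time comparison of the stored and supplied values.
    return hmac.compare_digest(row[0].encode(), password.encode())


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input containing SQL metacharacters
    for check in (login_vulnerable, login_parameterized):
        print(check.__name__,
              "valid password:", check(db, "alice", "correct horse"),
              "| crafted input:", check(db, "alice", crafted))
```

With the concatenated query, the crafted input turns the WHERE clause into a condition that is true for every row; with the bound parameter, the same input is just a wrong password.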
