When a vulnerability on a database-backed site allows an attacker to query or attack the site’s database using SQL (Structured Query Language), it is known as a SQL injection (SQLi). Often, SQLi attacks are highly rewarded because they can be devastating: attackers can manipulate or extract information or even create an administrator login for themselves in the database.

SQL Databases

Databases store information in records and fields contained in a collection of tables. Tables contain one or more columns, and a row in a table represents a record in the database.

Users rely on SQL to create, read, update, and delete records in a ...
