O'Reilly logo

Real-World Bug Hunting by Peter Yaworski

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

9SQL INJECTION

Image

When a vulnerability on a database-backed site allows an attacker to query or attack the site’s database using SQL (Structured Query Language), it is known as a SQL injection (SQLi). Often, SQLi attacks are highly rewarded because they can be devastating: attackers can manipulate or extract information or even create an administrator login for themselves in the database.

SQL Databases

Databases store information in records and fields contained in a collection of tables. Tables contain one or more columns, and a row in a table represents a record in the database.

Users rely on SQL to create, read, update, and delete records in a ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required