Vivisecting the Database
SQL injection payloads do not confine themselves to eliciting errors from the database. If an attacker is able to insert arbitrary SQL statements into the payload, then data can be added, modified, and deleted. Some databases provide mechanisms to access the file system or even execute commands on the underlying operating system.
Extracting Information with Stacked Queries
Databases hold information with varying degrees of worth. Information like credit-card numbers have obvious value. Yet, credit cards are by no means the most valuable information. Usernames and passwords for e-mail accounts or online games can be worth more than credit cards or bank account details. In other situations, the content of the database ...
Get Seven Deadliest Web Application Attacks now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
