A code injection technique that exploits security vulnerabilities in database queries.
SQL Injection (SQLi) is one of the most common and dangerous web application vulnerabilities. It occurs when an attacker can insert or "inject" malicious SQL code into queries that an application sends to its database.
When a web application uses user-supplied input in SQL queries without proper sanitization, an attacker can manipulate the query to:
| Type | Description | Detection Difficulty |
|---|---|---|
| In-band SQLi | Results returned directly in the response | Easy |
| Blind SQLi | No visible error messages, inferred from behavior | Medium |
| Out-of-band SQLi | Data exfiltrated through separate channel | Hard |
A vulnerable login form might construct a query like:

```sql
SELECT * FROM users WHERE username = '$input' AND password = '$password'
```

An attacker could input `' OR '1'='1' --` to bypass authentication.
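To show why the query above is exploitable and what the fix looks like, here is an added example (not code from the original page) that builds the login query both ways against a constructed in-memory SQLite table. The function names, the sample user `alice`, and the use of `sqlite3` are assumptions for illustration; the payload is the one quoted on the page. The example also shows the in-band case from the table: a legitimate apostrophe in a name breaks the concatenated query with a database error, which is exactly the signal error-based detection relies on, while the parameterized version handles the same input without error.

```python
import sqlite3

# Constructed sample database for the demo (not from the original page).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery staple')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    # Mirrors the page's query: user input is spliced into the SQL text, so
    # quotes and comment markers in the input are interpreted as SQL.
    query = (
        "SELECT * FROM users WHERE username = '" + username +
        "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None

def login_parameterized(conn, username, password):
    # Placeholders: the driver passes the input as data, never as SQL text,
    # so the same payload is just a username that does not exist.
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None

def vulnerable_leaks_error(conn, username):
    # A stray single quote in ordinary input breaks the concatenated query.
    # If the application shows that error to the client, this is the
    # "in-band" (error-based) case from the table above.
    try:
        login_vulnerable(conn, username, "x")
        return False
    except sqlite3.Error:
        return True

def parameterized_leaks_error(conn, username):
    try:
        login_parameterized(conn, username, "x")
        return False
    except sqlite3.Error:
        return True

PAYLOAD = "' OR '1'='1' --"   # the payload quoted on the page
APOSTROPHE_NAME = "O'Brien"    # constructed legitimate input containing a quote

def demo():
    conn = make_db()
    return {
        # Concatenation: the WHERE clause becomes username = '' OR '1'='1' --...
        "vulnerable_bypassed": login_vulnerable(conn, PAYLOAD, "wrong"),
        # Placeholders: no row has that literal username, so login fails.
        "parameterized_bypassed": login_parameterized(conn, PAYLOAD, "wrong"),
        "legit_login": login_parameterized(conn, "alice", "correct horse battery staple"),
        "vulnerable_errors_on_apostrophe": vulnerable_leaks_error(conn, APOSTROPHE_NAME),
        "parameterized_errors_on_apostrophe": parameterized_leaks_error(conn, APOSTROPHE_NAME),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The fix is not escaping or filtering the payload string; it is keeping data out of the query text. The parameterized version needs no knowledge of which characters are dangerous, which is why it also copes with `O'Brien` where the concatenated version fails.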
Use KaliGPT to identify SQL injection vulnerabilities in your code and generate secure alternatives. 0Day Coder can help write automated SQLi detection scripts.
A vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
An attack that forces authenticated users to submit unwanted requests to a web application.
A security system that monitors and filters HTTP traffic to protect web applications.
A standard awareness document listing the top 10 most critical web application security risks.