An SQL injection needs just two conditions to exist: a relational database that uses SQL, and user-controllable input that is used directly in an SQL query. In the example below, it is assumed that the attacker's goal is to exfiltrate data from a database by exploiting an SQL injection vulnerability present in a web application.
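The two conditions can be reproduced in a few lines. The following is an added example, not code from the original article: it contrasts a lookup that concatenates input into the SQL text with a parameterized one, and includes a small regression check a team could run against its own query helpers. The table, function names and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """Condition 1: a relational database queried with SQL (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("carol", "carol@example.test")],
    )
    return conn

def lookup_vulnerable(conn, name):
    """Condition 2: user input is spliced directly into the query text."""
    query = "SELECT name, email FROM users WHERE name = '" + name + "' ORDER BY id"
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, name):
    """Hardened form: the input is bound as data and never parsed as SQL."""
    query = "SELECT name, email FROM users WHERE name = ? ORDER BY id"
    return conn.execute(query, (name,)).fetchall()

# Constructed inputs: a normal value, and one whose quote character changes
# the structure of a concatenated WHERE clause.
BENIGN = "alice"
CRAFTED = "x' OR '1'='1"

def leaks_rows(lookup):
    """Regression check: True if the crafted input returns rows whose name
    does not equal the literal string that was searched for."""
    conn = make_db()
    try:
        rows = lookup(conn, CRAFTED)
    finally:
        conn.close()
    return any(name != CRAFTED for name, _email in rows)

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, benign   :", lookup_vulnerable(db, BENIGN))
    print("vulnerable, crafted  :", lookup_vulnerable(db, CRAFTED))
    print("parameterized, crafted:", lookup_parameterized(db, CRAFTED))
    print("vulnerable leaks?    :", leaks_rows(lookup_vulnerable))
    print("parameterized leaks? :", leaks_rows(lookup_parameterized))
```

With the concatenated query the crafted value returns every row in the table; with the bound parameter it is compared as a plain string and matches nothing.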