SQLi, Part 2: The Anatomy of a SQL Injection Attack

An SQL injection needs just two conditions to exist: a relational database that uses SQL, and user-controllable input that is used directly in an SQL query. The example below assumes that the attacker's goal is to exfiltrate data from a database by exploiting an SQL injection vulnerability in a web application.

Read full news article on Dzone