You are conducting a penetration test on a web application recently purchased by the HR department of your employer. You find that when creating a new user account in the Web UI you can delete data from the database by entering '; DROP TABLE Users' into the field for the user account. What type of vulnerability have you discovered?
This is a Structured Query Language (SQL) injection. SQL is the standard language for managing relational databases. It is common for an application to take data from a user, build a SQL statement from it and pass that statement to the underlying database. An application has a SQL injection vulnerability when it does not validate user input for SQL syntax before embedding it in a query. This allows a malicious user to send SQL commands through the application into the database, where they are executed, as the '; DROP TABLE Users' input in the question shows.