SQL-injection vulnerabilities
Abstract
SQL injection (SQLi) is an injection attack that lets an attacker interfere with the queries a program makes to its database; as the name suggests, those queries are written in the standardized SQL query language. Often this allows an attacker to view data they would not normally have access to, such as data belonging to other users, or any other data the program itself can reach. Although other injection vulnerabilities exist (HTTP header injection, code injection, command injection, etc.), SQLi is more widely known and more attractive to attackers targeting web applications. Below, we discuss vulnerability statistics and the consequences of a successful SQLi attack [1].
An SQLi vulnerability can affect any website or web application that uses an SQL database, such as MySQL, Oracle, SQL Server, or others. SQL is a query language for managing data stored in relational databases; it can be used to read, delete, or modify data. In some cases, SQL commands can also be used to execute operating system commands. Since a significant portion of websites and web applications store all of their data in SQL databases, a successful SQLi attack can have very serious consequences.
The range of what an injection can be used for is broad. Criminals can exploit this vulnerability to gain unauthorized access to confidential data: customer information, personal data, trade secrets, intellectual property, etc. A successful SQLi attack can therefore compromise confidentiality (private user or company data), integrity (modifying the system or deleting information from it), authentication (connecting to the system as another user without knowing their password), and authorization (altering authorization information if it is stored in the SQL database).
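As an added illustration of the confidentiality and authentication impact described above (example code written for this page, not from the article's authors): a login lookup built by string concatenation beside its parameterised form, both run against a constructed in-memory SQLite table. The schema, the user names, and the helper names make_db, login_vulnerable, login_safe and compare are assumptions of this example.

```python
import sqlite3

# Constructed sample data (an assumption for this example, not from the article).
SAMPLE_USERS = [
    ("alice", "s3cret", "alice@example.org"),
    ("bob", "hunter2", "bob@example.org"),
]


def make_db():
    """Build an in-memory SQLite table of users (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, name, password):
    """Concatenates untrusted input into the SQL text.

    A quote character in the input closes the string literal and the rest of
    the input becomes part of the statement, so the WHERE clause the
    developer intended is no longer the one the database evaluates.
    """
    sql = (f"SELECT email FROM users WHERE name = '{name}' "
           f"AND password = '{password}'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, name, password):
    """Parameterised query: the statement text is fixed and the driver passes
    the values separately, so input is only ever compared as data."""
    sql = "SELECT email FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


def compare(name, password):
    """Run the same credentials through both lookups; return both results."""
    conn = make_db()
    try:
        return (login_vulnerable(conn, name, password),
                login_safe(conn, name, password))
    finally:
        conn.close()


if __name__ == "__main__":
    # A password containing a quote: the concatenated query returns every
    # user's row, while the parameterised query correctly returns none.
    print(compare("alice", "x' OR '1'='1"))
```

With valid credentials both functions return the same single row; the difference appears only once the input contains SQL metacharacters, which is why parameterised queries are the standard mitigation.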
References
[1] OWASP Top Ten | OWASP Foundation. OWASP Foundation, the Open Source Foundation for Application Security. URL: https://owasp.org/www-project-top-ten/ (accessed: 21.05.2023).
[2] What is SQL Injection (SQLi) and How to Prevent Attacks. Acunetix. URL: https://www.acunetix.com/websitesecurity/sql-injection/ (accessed: 21.05.2023).
[3] The SQL Injection Threat & Recent Retail Breaches. Ponemon Institute. URL: https://www.ponemon.org/research/ponemon-library/security/the-sql-injection-threat-recent-retail-breaches.html (accessed: 21.05.2023).
[4] What is SQL injection - Examples & prevention | Malwarebytes. Malwarebytes. URL: https://www.malwarebytes.com/sql-injection (accessed: 21.05.2023).
License
Copyright (c) 2024 Challenges and Issues of Modern Science
This work is licensed under a Creative Commons Attribution 4.0 International License.
All articles published in the journal Challenges and Issues of Modern Science are licensed under the Creative Commons Attribution 4.0 International (CC BY) license. This means that you are free to:
- Share, copy, and redistribute the article in any medium or format
- Adapt, remix, transform, and build upon the article
as long as you provide appropriate credit to the original work, include the authors' names, article title, journal name, and indicate that the work is licensed under CC BY. Any use of the material should not imply endorsement by the authors or the journal.