Description: |
Structured Query Language (SQL) injection attacks have evolved immensely over the previous years even though the underlying vulnerability that leads to SQL injection remains the same. SQL injection vulnerabilities enable an attacker to manipulate the database commands executed by a Web application. For many Web sites, databases drive dynamic content, store product lists, track orders, maintain user profiles, or conduct some very central duty for the site, albeit one that occurs behind the scenes. These sites execute database commands when users perform all sorts of actions, which also affect the type of command to be executed. SQL injection exploits change a database command from the developer's original intent to an arbitrary one chosen by the attacker. A query for one record might be changed to a query for all records. An insertion of new information might become a deletion of an entire table. In extreme cases, the attack might jump out of the database onto the operating system itself. |