10 lines
386 B
Plaintext
10 lines
386 B
Plaintext
|
= SQLI =
|
||
|
|
|
||
|
|
SQLI or SQL injection is a type of attack where sql is placed into a field in
|
||
|
|
an application, as is directly passed to a DBMS.
|
||
|
|
|
||
|
|
An attack typically works by prematurely terminating a text string and
|
||
|
|
appending a new command. Because the inserted command may have additional
|
||
|
|
strings appended to it before it is executed, SQLI attack string generally end
|
||
|
|
with a comment or `--`.
|