2022-02-28 21:00:01 +00:00
|
|
|
= SQLI =
|
|
|
|
|
|
|
|
|
|
SQLI or SQL injection is a type of attack where sql is placed into a field in
|
|
|
|
|
an application, as is directly passed to a DBMS.
|
|
|
|
|
|
|
|
|
|
An attack typically works by prematurely terminating a text string and
|
|
|
|
|
appending a new command. Because the inserted command may have additional
|
|
|
|
|
strings appended to it before it is executed, SQLI attack string generally end
|
|
|
|
|
with a comment or `--`.
|
2022-02-28 21:15:01 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
== Also see ==
|
|
|
|
|
|
|
|
|
|
Also see [[sql]]
|
