From 5650ddb8ac9f64bb4c449112fcde38b10fd22981 Mon Sep 17 00:00:00 2001
From: Tyler Perkins <tperki17@kent.edu>
Date: Mon, 28 Feb 2022 16:00:01 -0500
Subject: [PATCH] Update for 28-02-22 16:00

---
 tech/databases.wiki | 1 -
 tech/security.wiki  | 2 ++
 tech/sqli.wiki      | 9 +++++++++
 3 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 tech/sqli.wiki

diff --git a/tech/databases.wiki b/tech/databases.wiki
index 08b3326..1a7a036 100644
--- a/tech/databases.wiki
+++ b/tech/databases.wiki
@@ -6,7 +6,6 @@ network, with caching and other optimizations.
 == Database Design Principle ==
 
 
-
 == SQL ==
 
 See [[../lang/sql]]
diff --git a/tech/security.wiki b/tech/security.wiki
index 6ef1c66..f392f3a 100644
--- a/tech/security.wiki
+++ b/tech/security.wiki
@@ -53,6 +53,8 @@ Hiding information
 Try setting the HTTP `Host` header value to `internal-ip:80` where internal ip
 is the ip address of a device inside of the target network
 
+* [[sqli]]
+
 
 
 
diff --git a/tech/sqli.wiki b/tech/sqli.wiki
new file mode 100644
index 0000000..2d73cd2
--- /dev/null
+++ b/tech/sqli.wiki
@@ -0,0 +1,9 @@
+= SQLI =
+
+SQLI or SQL injection is a type of attack where sql is placed into a field in
+an application, as is directly passed to a DBMS.
+
+An attack typically works by prematurely terminating a text string and
+appending a new command. Because the inserted command may have additional
+strings appended to it before it is executed, SQLI attack string generally end
+with a comment or `--`.