vimwiki/tech/sqli.wiki


= SQLI =
SQLI, or SQL injection, is a type of attack where SQL is placed into a field in
an application and is passed directly to a DBMS.
An attack typically works by prematurely terminating a text string and
appending a new command. Because the inserted command may have additional
strings appended to it before it is executed, SQLI attack strings generally end
with a comment marker such as `--`.
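
The mechanism above, shown next to the fix, as an added example that is not part of the original note. It assumes Python's `sqlite3` module; the `users` table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: alice is inactive, bob is active.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, active INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", 0), ("bob", 1)])
    return db

def find_active_vulnerable(db, name):
    # The field value is pasted into the SQL text, and the application
    # appends more SQL after it (the "additional strings" in the note).
    sql = "SELECT name FROM users WHERE name = '" + name + "' AND active = 1"
    return sql, [row[0] for row in db.execute(sql)]

def find_active_safe(db, name):
    # Placeholder binding: the input reaches the DBMS as a value, never
    # as SQL text, so a quote or -- inside it is just data to compare.
    sql = "SELECT name FROM users WHERE name = ? AND active = 1"
    return sql, [row[0] for row in db.execute(sql, (name,))]

# Constructed field value: the quote ends the string early and the
# trailing -- turns the appended "AND active = 1" into a comment.
CRAFTED = "alice' --"

if __name__ == "__main__":
    db = make_db()
    for lookup in (find_active_vulnerable, find_active_safe):
        for value in ("alice", CRAFTED):
            sql, rows = lookup(db, value)
            print(lookup.__name__, repr(value), "->", rows)
            print("   ", sql)
```

The printed SQL text for the vulnerable lookup shows the application's own `AND active = 1` filter sitting after the `--`, which is why the inactive row comes back; the bound version returns nothing for the same input.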