SQL Injection
A database stores data and organizes it in some sort of logical manner. Oracle and Microsoft SQL are popular examples of database management systems that allow users to create multiple types of databases used to store, query, and organize data in creative ways.
Structured Query Language, which is better known as SQL, is the underlining common programing language that is understood by most database management systems. It provides a common way for application to access the data in the database by using a common set of commands the database can understand.
Attackers exploit these databases by making them output information that they should not be displaying. Sometimes this is as simple as the attacker asking for privileged information from the database management system. Other times, it is taking advantage of poor configurations by database administrators. Attackers may also take advantage of a vulnerability in the database management system that allows the attacker to view or write...
