SQL injection
SQL injection is the second most common vulnerability of web applications, after XSS. The attack involves entering malicious SQL code into a query that gets executed on the database. It could result in data theft, by dumping database content, or the destruction of data, say, by using the DROP TABLE
command.
If you are familiar with SQL, then you can understand the following piece of code; it looks up an email address based on the given username
:
name = request.GET['user'] sql = "SELECT email FROM users WHERE username = '{}';".format(name)
At first glance, it might appear that only the email address corresponds to the username
mentioned as the GET
parameter will be returned. However, imagine if
an attacker entered ' OR '1'='1'
in the form field, then the SQL code would be as follows:
SELECT email FROM users WHERE username = '' OR '1'='1';
Since this WHERE
clause will always be true, the emails of all the users of your application will be returned. This can be a serious leak of...