SQLi (SQL Injection)

All SQL injection is caused by dynamic SQL queries, i.e. queries assembled from strings at runtime. Strongly consider prohibiting dynamic SQL queries completely.

Injection flaws occur when an application sends untrusted data to an interpreter. They are very prevalent, particularly in legacy code, and are often found in SQL, LDAP, XPath or NoSQL queries; OS commands; XML parsers; SMTP headers; program arguments; and so on. Injection flaws are easy to discover when examining code, but frequently hard to discover via testing. Scanners and fuzzers can help attackers find injection flaws.
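As an added example (not from the original page), the contrast the first sentence draws: a lookup whose SQL is assembled from the input string, beside the same lookup with a bound parameter, run against a small constructed in-memory SQLite table. The table contents, the helper names and the sample inputs are all constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data: three users, one with an apostrophe in the name."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("O'Brien", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def lookup_dynamic(conn, username):
    """Dynamic SQL: the untrusted value becomes part of the query text itself.

    Any quote character in the input changes the structure of the statement,
    so the database can no longer tell data from code.
    """
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error as exc:
        # A legitimate name containing a quote already breaks the query.
        return ["<error: %s>" % exc]


def lookup_parameterized(conn, username):
    """Parameterized SQL: the query text is fixed; the value is bound separately.

    The driver hands the value to the engine as data, so quotes inside it are
    matched literally and cannot alter the WHERE clause.
    """
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def compare(username):
    """Run both variants on the same input and return (dynamic, parameterized)."""
    conn = make_db()
    return lookup_dynamic(conn, username), lookup_parameterized(conn, username)
```

Feeding a value such as O'Brien shows the dynamic form failing on ordinary data, while a value containing a quote followed by OR shows it returning every row; the parameterized form returns exactly the matching user in both cases.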

Basic types of SQL injections

Check if a website is vulnerable to SQL Injection

Example attacks

False measures and bad practices

Primary Defenses

What is SQL Injection

Why not to use quote escaping as a defence

programming/sqli_sql_injection.1574605001.txt.gz · Last modified: 2020/07/15 09:30 (external edit)