The attack targets web applications that receive input from an external source and subsequently use it in SQL statements. More specifically, the attack succeeds against applications that build those statements by pasting the raw input into the query text and fail to implement strong input validation and filtering of escape characters such as the single quote.
I have included a simple example of a logon form that is vulnerable to a SQL Injection attack. The code that builds the SQL statement for the user logon looks like this:
"SELECT * FROM clients WHERE clientname = '" + clientname + "';"
This statement selects the row from the clients table whose clientname equals the value provided by the external user. The application assumes that this value is simply a valid client name.
So how would an attacker perform a SQL Injection attack against this logon form? If the attacker were to supply the value 1' OR '1' = '1 as the client name, the SQL statement would become:
SELECT * FROM clients WHERE clientname = '1' OR '1' = '1';
The single quote in the input closes the string the application opened, so the rest of the input is parsed as SQL. The condition '1' = '1' is always true, which means the WHERE clause matches every row in the clients table and the logon succeeds without a valid client name.
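To make the effect concrete, here is an added example (not code from the original post) that runs the concatenated statement above against a small in-memory SQLite table and compares it with a parameterised version of the same lookup. The table contents, the function names and the use of sqlite3 are assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample data: two client names in an in-memory table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE clients (clientname TEXT PRIMARY KEY)")
    conn.executemany("INSERT INTO clients VALUES (?)", [("alice",), ("bob",)])
    return conn


def vulnerable_lookup(conn, clientname):
    """Builds the statement exactly as the logon form in the post does:
    the external value is pasted between the quotes, so a quote in the
    input ends the string literal and the rest becomes SQL."""
    sql = "SELECT * FROM clients WHERE clientname = '" + clientname + "';"
    return [row[0] for row in conn.execute(sql)]


def safe_lookup(conn, clientname):
    """Parameterised query: the value is bound separately from the SQL
    text, so quotes inside it are data and never reach the SQL parser."""
    sql = "SELECT * FROM clients WHERE clientname = ?"
    return [row[0] for row in conn.execute(sql, (clientname,))]


# The payload from the post: closes the quote, adds an always-true OR.
PAYLOAD = "1' OR '1' = '1"

if __name__ == "__main__":
    conn = make_db()
    print("normal:", vulnerable_lookup(conn, "alice"))       # ['alice']
    print("injected:", vulnerable_lookup(conn, PAYLOAD))     # every row
    print("parameterised:", safe_lookup(conn, PAYLOAD))      # []
```

With the payload, vulnerable_lookup returns every client because the WHERE clause has become clientname = '1' OR '1' = '1'; safe_lookup returns nothing because it searches for a client literally named 1' OR '1' = '1. Filtering or escaping quote characters, as the post suggests, narrows the attack but is easy to get wrong across encodings and database dialects; binding values as parameters removes the concatenation that the attack depends on.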
