SQL injection can be classified into three major categories:
Update: update User set age = 30 where id = 1
It will update the age of the user with id equal to 1 in the table User.

Insert: insert into User (id, name, surname, age) values (1, 'John', 'Doe', 25)
It will add a new user to the table User with the given values.

Select: select * from User where name = 'John'
It will select all users from the table User with the name equal to John.

SQL statements are used to perform tasks such as updating, inserting, deleting or retrieving data in a database. SQL is the standard language for relational database management systems.
Structured Query Language (SQL) is used to communicate with a database.

SQL injection impact can be measured by observing the following parameters that attackers intend to overcome:

SQL injection can be a big threat to web applications. The seriousness of the attack can range from very simple to very high, allowing attackers with good knowledge of the SQL language and DBMS capabilities to do serious damage to organisations. SQL injection is a very popular, powerful and dangerous attack.

SQL injection attacks are a type of injection attack in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and, in some cases, issue commands to the operating system.
The index of this series of articles can be found here.

A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application.
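The data-plane injection described above, shown as an added example that is not code from the original article: it runs the article's select against the User table through Python's sqlite3, once with the input concatenated into the statement and once with it bound as a parameter. The rows, function names and input strings are constructed for illustration.

```python
import sqlite3

# Constructed input: the quote closes the string literal and adds a predicate.
CONSTRUCTED_INPUT = "x' or '1'='1"

def make_db():
    """In-memory copy of the article's User table (rows are constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("create table User (id integer primary key, name text, surname text, age integer)")
    db.executemany(
        "insert into User (id, name, surname, age) values (?, ?, ?, ?)",
        [(1, "John", "Doe", 25), (2, "Jane", "Roe", 31), (3, "Alan", "Poe", 47)],
    )
    return db

def find_by_name_concat(db, name):
    """Vulnerable: the input becomes part of the SQL text and can alter the statement."""
    sql = "select * from User where name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_by_name_bound(db, name):
    """Hardened: the statement text is fixed and the input is bound as a value."""
    return db.execute("select * from User where name = ?", (name,)).fetchall()

def compare(db, name):
    """Run both forms; a legitimate name containing a quote breaks the concatenated one."""
    try:
        unsafe = find_by_name_concat(db, name)
    except sqlite3.OperationalError:
        unsafe = "syntax error"
    return unsafe, find_by_name_bound(db, name)

if __name__ == "__main__":
    db = make_db()
    for value in ("John", CONSTRUCTED_INPUT, "O'Brien"):
        unsafe, safe = compare(db, value)
        print(repr(value), "| concatenated:", unsafe, "| bound:", safe)
```

With the bound form the constructed input matches no row, because it is compared as a literal name rather than parsed as SQL.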