SQL injection is a code injection technique that exploits a security
vulnerability in a website's software. It is often used to attack a
website by entering SQL statements into a web form, so that a badly
designed site performs database operations other than those its
designer intended (often dumping the database content to the
attacker).

Blind SQL injection is used when a web application is vulnerable to
SQL injection but the results of the injection are not visible to the
attacker. The vulnerable page may not be one that displays data, but
it will display differently depending on the result of a logical
statement injected into the legitimate SQL statement called for that
page. This type of attack can become time-intensive because a new
statement must be crafted for each bit recovered. There are several
tools that can automate these attacks once the location of the
vulnerability and the target information have been established.
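
The behaviour described above, as an added example that is not part of the original post: a page handler that builds its query by string concatenation answers differently when a true or false condition is appended to its input, while the same handler with a bound parameter does not. The table, the sample row and the function names are constructed for this illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data: one article in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO articles VALUES (1, 'Welcome')")
    return db


def page_vulnerable(db, article_id):
    # Vulnerable: the request value is concatenated into the SQL text,
    # so any condition it carries becomes part of the WHERE clause.
    sql = "SELECT title FROM articles WHERE id = " + article_id
    row = db.execute(sql).fetchone()
    # The page never shows query output, only one of two fixed responses.
    return "article found" if row else "not found"


def page_parameterized(db, article_id):
    # Hardened: the value is bound as data and is never parsed as SQL.
    sql = "SELECT title FROM articles WHERE id = ?"
    row = db.execute(sql, (article_id,)).fetchone()
    return "article found" if row else "not found"


def responses(handler):
    # Same three request values sent to a handler: a plain id, then the id
    # with an always-true and an always-false condition appended.
    db = make_db()
    return [handler(db, v) for v in ("1", "1 AND 1=1", "1 AND 1=2")]


if __name__ == "__main__":
    print("concatenated :", responses(page_vulnerable))
    print("parameterized:", responses(page_parameterized))
```

With concatenation the response tracks the truth of the appended condition, which is the signal a blind injection relies on; with the bound parameter both modified values are simply ids that match no row.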