💉 SQL Injection (SQLi)

📌 Description

SQL Injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It can allow attackers to view data they are normally not able to retrieve, and even modify or delete data.

🔍 Common Vectors

Authentication Bypass: Using payloads like admin' # or ' OR 1=1 -- to skip password checks.
Data Extraction: Using UNION SELECT to retrieve data from other tables.
Error-Based: Forcing the database to reveal information through error messages.

🛠️ Mitigations

Parameterized Queries: Use prepared statements (e.g., PDO in PHP).
Input Validation: Only allow expected characters.
Least Privilege: Ensure the database user has limited permissions.

📅 Appointment

🛡️ Cyber with KT Vault

Explorer

SQL_Injection

💉 SQL Injection (SQLi)

📌 Description

🔍 Common Vectors

🛠️ Mitigations

Graph View

Table of Contents

Backlinks

🛡️ Cyber with KT Vault

Explorer

SQL_Injection

💉 SQL Injection (SQLi)

📌 Description

🔍 Common Vectors

🛠️ Mitigations

🏷️ Related Machines

Graph View

Table of Contents

Backlinks