SQL injection is one of the top ten web site and web application exploits, according to OWASP, the Open Web Application Security Project. I use Wordfence, a popular security plugin, on my website, and occasionally Wordfence sends reports like the one below.
What we see here are two concurrent automated attacks from two different IP addresses in China. A sample of the injection code looks like this:
x=Execute (” Execute …
%=Execute (” Execute …
a=Execute (” Execute …
SQL injection or SQLi is a popular topic for cybersecurity certification exam questions, which is why I am writing this article. There are links below to resources at OWASP and from the Portswigger blog that can help you learn more about SQLi and how to recognize it.
Of course, if you operate, support, or design web sites and web applications, SQLi should be at the top of your list, too. SQLi can be used to read a database's contents, copy and exfiltrate records, maliciously modify data (think changing all your prices to one cent), or delete tables and entire databases. It can also be used to subvert the application's own logic, for example by making a login query succeed without a valid password.
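To make the three outcomes above concrete (reading rows you should not see, exfiltrating records from another table, and rewriting every price), here is an added example, not code from this site, from Wordfence, or from any of the linked resources. It uses Python's built-in sqlite3 module with a constructed in-memory database; the table names, sample users, and prices are all made up for the demonstration. The "vulnerable" functions build SQL by string concatenation, the "safe" ones pass the same input as a bound parameter. The price-change case uses executescript() to stand in for a database driver that permits stacked statements, which sqlite3's execute() does not.

```python
import sqlite3


def setup_db():
    """Constructed sample database: two users and two products (assumed data)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT);
        INSERT INTO users (username, password, role)
            VALUES ('alice', 's3cret', 'admin'), ('bob', 'hunter2', 'user');
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
        INSERT INTO products (name, price) VALUES ('widget', 19.99), ('gadget', 49.00);
        """
    )
    return conn


def lookup_user_vulnerable(conn, username):
    # VULNERABLE: untrusted input is pasted straight into the SQL text, so a
    # single quote in the input ends the string literal and the rest of the
    # input becomes SQL. This is the classic SQLi pattern.
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn, username):
    # SAFE: the input is bound as a parameter, so it is only ever treated as
    # data. A quote in the input is just a quote inside the compared value.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def update_price_vulnerable(conn, product_id, price):
    # VULNERABLE: product_id is interpolated unquoted. executescript() here
    # models a driver that executes stacked statements (assumption for the
    # demo); sqlite3.execute() would refuse the second statement.
    sql = f"UPDATE products SET price = {price} WHERE id = {product_id}"
    conn.executescript(sql)
    conn.commit()


def update_price_safe(conn, product_id, price):
    # SAFE: bound parameters cannot introduce a second statement. Returns the
    # number of rows touched; a hostile product_id simply matches nothing.
    cur = conn.execute("UPDATE products SET price = ? WHERE id = ?", (price, product_id))
    conn.commit()
    return cur.rowcount


def all_prices(conn):
    return conn.execute("SELECT name, price FROM products ORDER BY id").fetchall()


if __name__ == "__main__":
    conn = setup_db()

    # 1. Read rows you should not see: the WHERE clause becomes always-true.
    bypass = "' OR '1'='1"
    print("vulnerable:", lookup_user_vulnerable(conn, bypass))   # every user
    print("safe:      ", lookup_user_safe(conn, bypass))         # no user named that

    # 2. Exfiltrate another table's columns via UNION; "--" comments out the
    #    trailing quote the application appends.
    exfil = "x' UNION SELECT username, password FROM users --"
    print("passwords: ", lookup_user_vulnerable(conn, exfil))

    # 3. Stacked statement that changes every price to one cent.
    stacked = "1; UPDATE products SET price = 0.01; --"
    print("safe rows updated:", update_price_safe(conn, stacked, 19.99), all_prices(conn))
    update_price_vulnerable(conn, stacked, 19.99)
    print("after injection:", all_prices(conn))
```

Running the script shows the same three inputs producing full table dumps and a rewritten price list against the concatenating functions, and nothing at all against the parameterized ones. Parameterization is the fix to reach for first; least-privilege database accounts and input validation are defence in depth on top of it, not substitutes.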
Check out the excellent article on PortSwigger if you want to go deeper on this topic.
- OWASP SQL Injection
- OWASP Top 10
- PortSwigger SQL post
- W3 Schools SQL Tutorial
- PC & Network Downloads – SQL Cheat Sheet