What Is SQL INJECTION?

SQL injection is a technique that takes advantage of an un-sanitized input vulnerability to pass SQL commands through a web application for execution by a backend database. It is a basic attack used either to gain unauthorized access to a database or to retrieve information directly from the database. It is a flaw in the web application, not a database or web server issue.

TYPES OF SQL INJECTION

Attackers use various techniques to view, manipulate, insert and delete data in an application database. Depending on the technique used, attackers carry out SQL injection attacks in many different ways by poisoning the SQL query.
There are three main types of SQL injection:


IN-BAND SQL INJECTION:

An attacker uses the same communication channel to perform the attack and retrieve the results. In-band attacks are commonly used and easy-to-exploit SQL injection attacks. The most commonly used in-band SQL injections are error-based SQL injection and union SQL injection.

BLIND SQL INJECTION:

In blind injection, the attacker has no error messages from the system with which to work. Instead, the attacker simply sends a malicious SQL query to the database. This type of SQL injection takes longer to execute because the result returned is in the form of a boolean. The attacker uses the true or false results to learn the structure of the database and the data. In the case of inferential SQL injection, no data is transmitted through the web application, and it is not possible for an attacker to retrieve the actual result of the injection. Therefore it is called blind SQL injection.


OUT OF BAND SQL INJECTION:

The attacker uses different communication channels (such as database email functionality, or file writing and loading functions) to perform the attack and obtain the results. This type of attack is difficult to perform because the attacker needs to communicate with the server and acquire features of the database server used by the web application.
