Question

A web application with an SQL server database is found to be compromised by an attacker. On examination, the email IDs of the database have been found modified. This was due to improper validation in the input fields exploited by the attacker. What is the probable attack in the above scenario

Answer 1

Answer:

This is what we call SQL Injection.

• SQL Injection is when an attacker compromises your database only if it is vulnerable.

• Vulnerability includes leaving an empty ""(value) or forgetting to close anything that could be attacked.

• Ways to prevent injection is to not use string concatenation.

(ex. "hello" + "world")

*  Use parameterized queries.

*   Immediately get rid of any unused code.