Relational database management systems such as Microsoft SQL Server are among the most popular in the market. Since they are considered to be very reliable and avoid inconsistencies in the data records, they have been an established standard for databases in most companies for decades.
The database language SQL (Structured Query Language) is usually used to query and edit the data. For example, a user enters a term in the product search form of a web shop; the server then queries a database and feeds the results back to the web shop as a search result.
Microsoft SQL Is Very Simple To Attack
One reason why SQL injection is so popular with hackers could be that it is a very simple attack. An eleven-year-old child was able to hack and manipulate a copy of the website for the presentation of the election results in the US in just ten minutes. On the other hand, defense measures are as simple as they are effective.
Hackers Inject Arbitrary SQL Code Into The Database
Regardless of the type of SQL injection involved, the attacker injects arbitrary SQL code into the database query of a web application. This can happen in several ways. The simplest route is user input. Web applications usually accept input through a form. The front end then forwards the input to the database in the back end for processing. If the web application does not sanitize the input, it is possible to delete, copy, or change database contents using injected SQL.
Attackers can also change cookies so that they taint the query of the web application. Cookies store information about the client status on the local hard drive. As a rule, web applications load cookies to process this information. A malicious user or malware can modify them to inject SQL commands into the backend database. The same is possible using server variables such as HTTP headers. Forged headers that contain arbitrary SQL can inject this code into the database if the web application does not sanitize this input either.
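The two paragraphs above come down to one point, shown here as an added example that is not part of the original article: form fields, cookies, and HTTP headers are all client-controlled, and a query built by string concatenation is exposed through each of them, while a parameterized query is not. Python's sqlite3 stands in for the backend database, and the table, the field, cookie and header names, and the input value are constructed for illustration.

```python
import sqlite3

# Constructed input: the quote character ends the string literal early, so
# the rest of the value is parsed as SQL when the query is concatenated.
CONSTRUCTED_INPUT = "x' OR '1'='1"

def make_db():
    """In-memory stand-in for the shop's backend database (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, hidden INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [("lamp", 0), ("desk", 0), ("internal-sample", 1)])
    return db

def search_concatenated(db, term):
    # Weak: the client-supplied value becomes part of the SQL text itself.
    sql = ("SELECT name FROM products WHERE hidden = 0 AND name = '"
           + term + "' ORDER BY name")
    return [row[0] for row in db.execute(sql)]

def search_parameterized(db, term):
    # Corrected: the value is bound as data and is never parsed as SQL.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name = ? ORDER BY name"
    return [row[0] for row in db.execute(sql, (term,))]

def compare_channels(db, request):
    """Run both query styles on every client-controlled value of a request.

    Returns {channel: (rows via concatenation, rows via bound parameter)}.
    """
    return {channel: (len(search_concatenated(db, value)),
                      len(search_parameterized(db, value)))
            for channel, value in request.items()}

# Hypothetical request: the same value arriving through the three channels
# the text names (form field, cookie, HTTP header). All names are made up.
SAMPLE_REQUEST = {
    "form:q": CONSTRUCTED_INPUT,
    "cookie:last_search": CONSTRUCTED_INPUT,
    "header:X-Search": CONSTRUCTED_INPUT,
}

if __name__ == "__main__":
    db = make_db()
    for channel, counts in compare_channels(db, SAMPLE_REQUEST).items():
        print(f"{channel:20} concatenated={counts[0]} parameterized={counts[1]}")
```

With the concatenated query every channel returns all three rows, including the one marked hidden; with the bound parameter the same value matches no product name and returns nothing.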