
    SQL injection is one of the simplest attack vectors on company data

    Relational database management systems such as Microsoft SQL Server are among the most popular on the market. Because they are considered very reliable and avoid inconsistencies in data records, they have been an established standard for databases in most companies for decades.

    The database language SQL (Structured Query Language) is usually used to query and edit the data. For example, users communicate with a server through a product search form in a web shop; the server in turn queries a database and feeds the results back to the web shop as a search result.

    Microsoft SQL Is Very Simple To Attack

    One reason why SQL injection is so popular with hackers could be that it is a very simple attack. An eleven-year-old child was able to hack and manipulate a copy of the website that presents election results in the US in just ten minutes. On the other hand, defense measures are as simple as they are effective.

    Hackers Inject Any SQL Code Into The Database

    Regardless of the type of SQL injection involved, the attacker injects arbitrary SQL code into the database query of a web application. This can happen in several ways. The simplest form of attack is through user input. Web applications usually accept input through a form. The front end then forwards the input to the database in the back end for processing. If the web application does not sanitize the input, it is possible to delete, copy or change database contents using injected SQL.

    Attackers can also change cookies so that they infect the web application's query. Cookies store information about the client state on the local hard drive. As a rule, web applications load cookies to process this information. A malicious user or malware can modify them to inject SQL commands into the back-end database. The same is possible using server variables such as HTTP headers. Forged headers that contain arbitrary SQL can inject this code into the database if the web application does not sanitize this input either.
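The following added example (not part of the original article) runs one product search twice against an in-memory SQLite database: once with the input concatenated into the SQL text and once with a bound parameter, which is the defense shown here. The table, the field names `q`, `last_search` and `X-Search-Hint`, and the input string are constructed for the demonstration; the same value is fed through a form field, a cookie and a header because the database cannot tell the channels apart.

```python
import sqlite3

# Constructed input for the demo: closes the string literal and changes the WHERE logic.
CRAFTED = "' OR 1=1 --"

def make_db():
    """In-memory shop database with one row the search must never return."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (name TEXT, hidden INTEGER);
        INSERT INTO products VALUES ('red mug', 0), ('blue mug', 0),
                                    ('unreleased mug', 1);
    """)
    return conn

def search_vulnerable(conn, term):
    # Input is pasted into the SQL text, so the database parses it as SQL.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name LIKE '%" + term + "%'"
    return sorted(row[0] for row in conn.execute(sql))

def search_parameterized(conn, term):
    # Input is bound as a value; the statement text never changes.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name LIKE ?"
    return sorted(row[0] for row in conn.execute(sql, ("%" + term + "%",)))

def compare_sources(conn, value):
    """Feed the same value through each input channel the article lists."""
    request = {  # hypothetical request layout, assumed for this example
        "form": {"q": value},
        "cookies": {"last_search": value},
        "headers": {"X-Search-Hint": value},
    }
    results = {}
    for source, fields in request.items():
        for field_value in fields.values():
            results[source] = (search_vulnerable(conn, field_value),
                               search_parameterized(conn, field_value))
    return results

if __name__ == "__main__":
    db = make_db()
    print("normal  ", search_vulnerable(db, "mug"), search_parameterized(db, "mug"))
    for source, (vuln, safe) in compare_sources(db, CRAFTED).items():
        print(f"{source:8} vulnerable={vuln} parameterized={safe}")
```

With the concatenated query the hidden row is returned for every channel; with the bound parameter the same input is only a search term that matches nothing.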
