Cyber security news for all

More

    SQL is one of the simplest attack vectors on company data

    Relational database management system such as Microsoft SQL servers are among the most popular in the market. Since they are considered to be very reliable and avoid inconsistencies in the data records, they have been an established standard for databases in most companies for decades.

    The Structured Query Language database language is usually used to query and edit the data. For example, users communicate with a server using a product search mask in a web shop, which in turn queries a database and feeds the results back to the web shop as a search result.

    Microsoft SQL Is Very Simple To Attack

    One reason why SQL is so popular with hackers could be that it is a very simple attack. An eleven year old child was able to hack and manipulate a copy of the website for the presentation of the election results in the US in just ten minutes. On the other hand, defense measures are as simple as they are effective.

    Hackers Inject Any SQL Code Into The Database

    Regardless of the type of SQL injection involved, the attacker injects any SQL code into the database query of a web application. This can happen in several ways. The simplest form of attack is the user input. Web applications usually accept input through a form. The front end then forwards the input to the database in the back end for processing. If the web application does not clean up the input, it is possible to delete copy or change database contents using injected SQL inputs.

    Attackers can also change cookies so that they infect the query of the web application. Cookies store information about the client status on the local hard drive. As a rule, web applications load cookies to process this information. A malicious user or malware can modify them to inject SQL commands into the backend database. The same is possible using server variables such as HTTP headers. Fake headers that contain any SQL can inject this code into the database if the web application does not clean this input either.

    Recent Articles

    Judge issues injunction against WeChat

    The US government wanted to take action against the app WeChat. A judge stood sideways. The app should disappear from the platforms in the...

    Mail provider Tutanota becomes target of cyber attacks

    Over the weekend, ongoing DDoS attacks and an infrastructure problem resulted in downtime for hundreds of users. While some were able to mitigate most...

    Amazon accounts are the new target of cyber criminals

    Amazon is a popular target for cyber criminals who want to exploit the trust and image of the company among its customers with emails....

    Hackers stole thousands of passport data in Argentina

    In response to millions of dollars ransom refused by the Argentine Immigration Service, a ransomware group released passport data from hundreds of thousands of...

    USA wants to improve cybersecurity of space systems

    CISA has published a table this week that summarizes Chinese activities against cybersecurity. Some attacks have succeeded and enabled hackers to gain a foothold...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox