SQL Injection

One of the most common methods of hacking sites and programs, working with databases, based on the injection of an arbitrary SQL-query code.

Implementation of SQL, depending on the type of database and the conditions of implementation, may allow an attacker to execute arbitrary database query (for example, to read the contents of any table, delete, change or add data) to be able to read and / or write local files and execute arbitrary commands on the target server.

Type of SQL injection attack may be possible due to incorrect processing of incoming data used in SQL-queries.