The nature of this type of vulnerability relates back to Section 5.2. In principle, SQL injection is very similar to XSS in that the object of the attack is to make the application interpret user input as having meaning beyond the data it represents. With XSS, the intent is to have that input executed as client-side code; with SQL injection, the goal is for input to be interpreted as an SQL query or part of one.
Let’s say that an attacker wants to find out where a victim lives. This information is associated with the victim’s account on a particular website, but viewing access is restricted to users of the victim’s choosing, which naturally excludes the attacker. The attacker does know the victim’s username, however, and tries to gain access to the victim’s account in order to read the street address. Source code to log a user into this website could be as follows:
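Before the book's own listing, here is an added illustration (not the book's code) of the point made above: the same login lookup written once by string concatenation, where quote characters in the input become part of the SQL statement, and once with bound parameters, where the driver only ever compares them as data. The in-memory sqlite3 table, the sample account and the helper names (`login_unsafe`, `login_safe`, `check_login_handlers`) are all constructed for this example.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the site's user table (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, street TEXT)")
    conn.execute("INSERT INTO users VALUES ('victim', 's3cret', '1 Example Lane')")
    conn.commit()
    return conn


def login_unsafe(conn, username, password):
    """Concatenates user input into the statement text, so anything the user
    types is parsed as SQL rather than compared as a value (the defect)."""
    sql = ("SELECT street FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Sends the statement and the values separately; the database engine
    never interprets the values as part of the query structure (the fix)."""
    sql = "SELECT street FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def check_login_handlers():
    """Runs both handlers on honest credentials, on a quote-bearing password
    that turns the concatenated query into a tautology, and on a legitimate
    username containing an apostrophe. Returns the results for inspection."""
    conn = make_db()
    tautology = "' OR '1'='1"   # constructed input; makes the unsafe WHERE always true
    return {
        "honest_unsafe": login_unsafe(conn, "victim", "s3cret"),
        "honest_safe": login_safe(conn, "victim", "s3cret"),
        "tautology_unsafe": login_unsafe(conn, "victim", tautology),  # wrong password, yet a row
        "tautology_safe": login_safe(conn, "victim", tautology),      # treated as data: no row
        "apostrophe_safe": login_safe(conn, "o'brien", "x"),          # no syntax error, no row
    }


if __name__ == "__main__":
    for name, street in check_login_handlers().items():
        print(f"{name}: {street}")
```

The unsafe handler returns the victim's street for a password that is not the victim's password, while the parameterised handler returns nothing; that difference is the whole vulnerability.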