Why are SQL injection and query string manipulation gaining in cybercrime popularity?
SQL injection, along with the related manipulation of query strings, is widely cited as one of the most popular ways of hacking into a network or system that uses a conventional relational database. (Read When SQL Isn't Enough: Controls for Massive New Data Centers.)
There are a number of reasons for this. First of all, the use of SQL injection to get unauthorized access to database contents doesn't require any special tools. Secondly, it can be done right through the Internet.
By manipulating a query string that goes from a web form to a host system, hackers can do all sorts of things, including getting the database to dump its data. Wherever these incoming inputs are not properly authenticated and validated, it is extremely easy for an attacker to get into a database remotely.
You don't have to crack a password or figure out a way around encryption or anything else — the hacker just enters the altered query statement and runs amok in the system.
In addition, as some experts point out, hackers can fingerprint databases through careful research. It's relatively easy in many cases to figure out what type of database a network is using, and again, this can all be done from any connected computer.
Essentially, query string manipulation is as simple as adding alphanumeric characters to a string. It's one of the simplest, most straightforward and most effective types of database hacking around. Contrast this with something like a denial of service attack or a ransomware attack, both of which require sophisticated planning, and you'll see why SQL injection is so popular. (Read How Should Businesses Respond to a Ransomware Attack?)
There are ways of locking out hackers and disabling SQL injection, but vulnerabilities are so common that they represent a big open barn door to hackers. Spoofing and social engineering are also popular, but SQL injection doesn’t even require the hacker to trick any human user! It just involves looking for the right pressure point and using it.
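The following is an added example, not part of the original article, showing why an unvalidated form value lets an altered string dump a table and how a parameterized query closes that door. The table, sample rows, function names and the allow-list rule are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, card TEXT)")
    db.executemany(
        "INSERT INTO customers (name, card) VALUES (?, ?)",
        [("alice", "4111-0000-0000-0001"),
         ("bob", "4111-0000-0000-0002"),
         ("carol", "4111-0000-0000-0003")],
    )
    return db

def lookup_concatenated(db, name):
    """Vulnerable: the form value is pasted into the SQL text, so quote
    characters in it become part of the statement itself."""
    sql = "SELECT name, card FROM customers WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, name):
    """Hardened: the statement text is fixed and the value is bound
    separately, so the driver always treats it as data."""
    sql = "SELECT name, card FROM customers WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def looks_like_tampering(name):
    """Defence in depth (hypothetical allow-list): names are short and alphabetic."""
    return not (name.isalpha() and len(name) <= 32)

if __name__ == "__main__":
    db = make_db()
    altered = "x' OR '1'='1"  # constructed form input with added characters
    for label, value in (("normal", "alice"), ("altered", altered)):
        print(label, "concatenated ->", len(lookup_concatenated(db, value)), "rows")
        print(label, "parameterized ->", len(lookup_parameterized(db, value)), "rows")
        print(label, "flagged by allow-list ->", looks_like_tampering(value))
```

The parameterized lookup is the actual fix; the allow-list check is only a second layer and a useful signal to log.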
Written by Justin Stoltzfus | Contributor, Reviewer

Justin Stoltzfus is a freelance writer for various Web and print publications. His work has appeared in online magazines including Preservation Online, a project of the National Historic Trust, and many other venues.