# SQL Injection SQL Injection (SQLi) is a web security vulnerability that allows an attacker to manipulate a website’s database by injecting malicious SQL queries. It occurs when an application improperly handles user input in SQL statements, leading to unauthorized access, data leaks, or even full database control. *** ### **Types of SQL Injection** 1. **In-Band SQLi (Classic)** * **Error-Based**: Extracts data via database errors. * **Union-Based**: Uses `UNION` to merge results from different tables. 2. **Inferential SQLi (Blind)** * **Boolean-Based**: Alters queries to return different responses. * **Time-Based**: Uses delays to infer data. 3. **Out-of-Band SQLi** * Uses external channels (DNS, HTTP) to exfiltrate data. *** ## Common Injection Points * **Web Forms** * Login, Signup, Search, Email Fields, Contact Forms * **Cookies, Session Data** * If cookies store SQL queries or user IDs without sanitization, they can be modified to trigger SQL injection. * **URL Query Parameters** * **HTTP Headers** * Some applications log user agent strings, referers, or other headers into a database. * **Log Files & Debugging Interfaces** * If logs are stored in the database and an attacker injects * **File Upload Fields** * If file metadata (e.g., filename, EXIF data) is inserted into a database. **Where SQLi Occurs in Queries:** * `WHERE` clause in `SELECT` statements (most common). * `UPDATE` statements (`SET` values or `WHERE` clause). * `INSERT` statements (values being inserted). * `ORDER BY` clause (used in sorting). *** ## **Impact of SQL Injection** * **Data theft**: User credentials, credit card details, sensitive info. * **Authentication bypass**: Logging in without valid credentials. * **Database takeover**: Extract, modify, or delete entire tables. * **Persistent backdoors**: Long-term system compromise. * **Regulatory fines & reputational damage**: GDPR violations, loss of user trust. *** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://web.tipsytux.in/server-side/sql-injection.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.