Statements (67)
| Predicate | Object |
|---|---|
| gptkbp:instance_of |
gptkb:Web
|
| gptkbp:category |
Security.
|
| gptkbp:countermeasures |
Use ORM frameworks.
|
| gptkbp:description |
A code injection technique that exploits a security vulnerability occurring in the database layer of an application.
|
| gptkbp:difficulty_levels |
gptkb:High
|
| gptkbp:discovered_by |
1998.
|
| gptkbp:environmental_initiatives |
Educate developers on secure coding practices.
|
| gptkbp:example |
Login forms, search fields.
An attacker can submit a malicious SQL query to manipulate the database. |
| https://www.w3.org/2000/01/rdf-schema#label |
CWE-89
|
| gptkbp:impact |
Allows attackers to interfere with the queries that an application makes to its database.
|
| gptkbp:is_common_in |
Web applications.
|
| gptkbp:is_referenced_in |
OWASP Top Ten.
|
| gptkbp:is_vulnerable_to |
Manipulating SQL queries.
Untrusted user input. |
| gptkbp:name |
SQL Injection
|
| gptkbp:notable_case |
Adobe data breach.
Anthem data breach. Ashley Madison breach. British Airways data breach. Capital One breach. Capital One data breach. Cedar data breach. Centrica data breach. Cleveland Clinic data breach. Cox Communications data breach. Equifax data breach. Experian data breach. Facebook Messenger data breach. Facebook data breach. Fling data breach. Heartland Payment Systems breach. Home Depot data breach. Linked In data breach. MGM Resorts data breach. Marriott International data breach. Marriott data breach. My Fitness Pal data breach. Quora data breach. Reddit data breach. Scripps Health data breach. Snapchat data breach. Sony Play Station Network breach. T-Mobile USA data breach. T-Mobile data breach. Target Corporation data breach. Target data breach. Twitter data breach. Uber data breach. Yahoo data breach. Zynga data breach. e Bay data breach. |
| gptkbp:prevention |
Input validation and sanitization.
Use parameterized queries or prepared statements. |
| gptkbp:provides_support_for |
Any system using SQL databases.
|
| gptkbp:related_cwe |
gptkb:CWE-601
gptkb:CWE-74 gptkb:CWE-77 gptkb:CWE-20 |
| gptkbp:related_to |
gptkb:CWE-601
gptkb:CWE-74 gptkb:CWE-77 gptkb:CWE-20 |
| gptkbp:type |
Injection.
|
| gptkbp:bfsParent |
gptkb:CWE-200
gptkb:CWE-74 |
| gptkbp:bfsLayer |
8
|