SQL Injection Attacks

SQL injection (SQLi) attacks are dangerous because of the level of control an attacker can gain. The concerns a database administrator should have about SQLi map onto the CIA triad: an attacker gaining unauthorized access to the application, information being disclosed, data availability being lost, and data integrity being compromised.

Structured Query Language (SQL) is nearly universal: it is the language that drives Microsoft SQL Server, Oracle Database, MySQL and most other relational databases. SQLi attacks are popular because they give the attacker control over the application's back end and do not depend on the front-end GUI or on any other software technology in the stack.

Countless web forms that accept user input are available on the Internet, and if they are not coded properly they contain weaknesses that can be exploited with hacking tools freely downloadable from the Internet. Website features such as contact forms, shopping carts, support requests, search boxes, and login boxes are all susceptible to SQLi. By design these forms have to accept user input and pass it through the web server to the database; that input travels as ordinary HTTP requests, so endpoint protection and network firewalls let it through. Even if the web developer, web administrator or systems security professional keeps up with patches, hotfixes and the like, SQLi only requires port 80 (or 443 for HTTPS) to be open, and that port has to be open anyway for the public to reach the web application. Antivirus and malware scanners also do not pick up SQLi attacks, because an injected query is plain text that matches no virus or malware signature. SQLi attacks do not run against the operating system of the web server or database server; they attack the web application itself, which is why operating-system patching does not close the hole.
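The search-box case from the paragraph above, as an added example that is not part of the original page. It uses Python's built-in sqlite3 module with a constructed in-memory database (a products table plus a users table the search feature should never expose); the table names, rows and the attacker payload are all assumptions made for the illustration. The vulnerable version splices the search term into the SQL text, so a UNION in the term pulls the users table back through the search results; the parameterised version sends the same term as a bound value and returns nothing.

```python
import sqlite3

# Constructed sample data (not from the page): the products table a search box
# is meant to query, and a users table the search box should never expose.
# The password_hash values are placeholders, not real hashes.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
        INSERT INTO products VALUES (1, 'widget', 9.99), (2, 'gadget', 19.99);
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO users VALUES ('alice', 'hash-a'), ('bob', 'hash-b');
    """)
    return conn

def search_vulnerable(conn, term):
    # The search term is spliced into the SQL text, so a quote in the term
    # ends the string literal and the rest of the term is parsed as SQL.
    sql = f"SELECT name, price FROM products WHERE name LIKE '%{term}%'"
    return conn.execute(sql).fetchall()

def search_safe(conn, term):
    # Parameterised query: the term reaches the engine as a bound value, so
    # quotes, UNION and -- inside it are just characters to match against.
    # (LIKE wildcards % and _ in the term still act as wildcards; that is a
    # matching detail, not an injection.)
    sql = "SELECT name, price FROM products WHERE name LIKE ?"
    return conn.execute(sql, (f"%{term}%",)).fetchall()

# Hypothetical attacker input typed into the search box: close the LIKE
# literal, UNION in two columns from users (matching the SELECT's two
# columns), and comment out the trailing %' that the template appends.
PAYLOAD = "zzz%' UNION SELECT username, password_hash FROM users --"

if __name__ == "__main__":
    db = make_db()
    print("normal search :", search_safe(db, "wid"))
    print("vulnerable    :", search_vulnerable(db, PAYLOAD))  # leaks users
    print("parameterised :", search_safe(db, PAYLOAD))        # no rows
```

Nothing in this exchange looks unusual on the wire: it is one HTTP request carrying a search string to a port that must be open, which is exactly why the network-layer controls discussed above do not stop it.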

Using a SQLi attack, an attacker can bypass an application's authentication and gain unauthorized access to user accounts, passwords, and any other information stored in the database tables. Potentially, the attacker can alter the database(s) at will. A single SQLi flaw can therefore turn into a widespread data leak: the attacker can query the database to leak data directly, make it leak data by proxy, or hold the data for ransom.

By controlling the database(s) and the data, the attacker also has the power to deny availability of the data. The attacker can cause unexpected interruptions in database access, take the infrastructure behind online software offline, and completely disrupt business operations by corrupting a database that core services depend on. Concerns about data integrity go hand-in-hand with concerns about availability: an attacker with full control of a database can manipulate data with false entries, delete records, and drop tables from the databases on the database server.
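The authentication bypass from the previous paragraph and the integrity and availability damage from this one, as one added example that is not part of the original page. It again uses Python's sqlite3 with a constructed in-memory accounts table behind three assumed features: a login form, a "change e-mail" page and a "delete my account" button. Account names, rows and the three attacker inputs are assumptions for the illustration. Each feature is shown in a vulnerable form (string formatting) beside its parameterised form, so the same input that logs in as admin, grants admin rights or wipes the table is harmless against the fixed code.

```python
import sqlite3

# Constructed sample data (not from the page). Passwords are stored in the
# clear only to keep the example short; a real application stores a salted
# hash and compares against that.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE accounts (id INTEGER PRIMARY KEY, username TEXT,
                               password TEXT, email TEXT, is_admin INTEGER);
        INSERT INTO accounts VALUES
            (1, 'admin',   'S3cret!', 'admin@example.test',   1),
            (2, 'mallory', 'hunter2', 'mallory@example.test', 0);
    """)
    return conn

# --- login form: confidentiality / unauthorized access --------------------
def login_vulnerable(conn, username, password):
    # A quote plus -- in the username ends the literal and comments out the
    # password check entirely.
    sql = (f"SELECT id, username FROM accounts "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchone()

def login_safe(conn, username, password):
    sql = "SELECT id, username FROM accounts WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()

# --- change e-mail page: integrity -----------------------------------------
def set_email_vulnerable(conn, user_id, email):
    # The e-mail value can close its literal and add more SET assignments,
    # changing columns the page never meant to expose (is_admin).
    conn.execute(f"UPDATE accounts SET email = '{email}' WHERE id = {user_id}")

def set_email_safe(conn, user_id, email):
    conn.execute("UPDATE accounts SET email = ? WHERE id = ?", (email, user_id))

# --- delete my account button: availability --------------------------------
def delete_account_vulnerable(conn, username):
    # A tautology appended to the WHERE clause makes it true for every row.
    conn.execute(f"DELETE FROM accounts WHERE username = '{username}'")

def delete_account_safe(conn, username):
    conn.execute("DELETE FROM accounts WHERE username = ?", (username,))

# Helpers used to observe the damage.
def is_admin(conn, user_id):
    return conn.execute("SELECT is_admin FROM accounts WHERE id = ?",
                        (user_id,)).fetchone()[0]

def account_count(conn):
    return conn.execute("SELECT COUNT(*) FROM accounts").fetchone()[0]

# Hypothetical attacker inputs (mallory is account id 2).
BYPASS_USER = "admin' --"                             # drops the password check
ESCALATE_EMAIL = "x', is_admin = 1 WHERE id = 2 --"   # hijacks the SET list
WIPE_USER = "x' OR '1'='1"                            # WHERE true for every row

if __name__ == "__main__":
    db = make_db()
    print("bypass   :", login_vulnerable(db, BYPASS_USER, "wrong"))   # (1, 'admin')
    print("safe     :", login_safe(db, BYPASS_USER, "wrong"))         # None
    set_email_vulnerable(db, 2, ESCALATE_EMAIL)
    print("mallory admin?", is_admin(db, 2))                           # 1
    delete_account_vulnerable(db, WIPE_USER)
    print("accounts left :", account_count(db))                        # 0
```

Note that none of the three attacks needs stacked statements, a second connection or any privilege beyond what the web application already holds: each one only reshapes the single query the feature was going to run anyway, which is why restricting the application's database account to the tables and operations it genuinely needs limits the blast radius even when a form is vulnerable.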