Consequences of SQL injection

A successful SQL injection exploit can:

• Read and modify sensitive data from the database

• Execute administrative operations on the database

  • Shutdown auditing or the DBMS

  • Truncate tables and logs

  • Add users

• Recover the content of a given file present on the DBMS file system

• Issue commands to the operating system

SQL injection attacks allow attackers to

• Spoof identity

• Tamper with existing data

• Cause repudiation issues such as voiding transactions or changing balances

• Allow the complete disclosure of all data on the system

• Destroy the data or make it otherwise unavailable

• Become administrator of the database server