A3:2021 | SQL Injection Intro (7) | Cycubix Docs

Consequences of SQL injection

A successful SQL injection exploit can:

  • Read and modify sensitive data from the database

  • Execute administrative operations on the database

    • Shutdown auditing or the DBMS

    • Truncate tables and logs

    • Add users

  • Recover the content of a given file present on the DBMS file system

  • Issue commands to the operating system

SQL injection attacks allow attackers to

  • Spoof identity

  • Tamper with existing data

  • Cause repudiation issues such as voiding transactions or changing balances

  • Allow the complete disclosure of all data on the system

  • Destroy the data or make it otherwise unavailable

  • Become administrator of the database server

Last updated