A3:2021 | SQL Injection Intro (7) | Cycubix Docs

Consequences of SQL injection

A successful SQL injection exploit can:

• Read and modify sensitive data from the database
• Execute administrative operations on the database
  • Shutdown auditing or the DBMS
  • Truncate tables and logs
  • Add users
• Recover the content of a given file present on the DBMS file system
• Issue commands to the operating system

SQL injection attacks allow attackers to

• Spoof identity
• Tamper with existing data
• Cause repudiation issues such as voiding transactions or changing balances
• Allow the complete disclosure of all data on the system
• Destroy the data or make it otherwise unavailable
• Become administrator of the database server