Section 01: SQL Injection Concepts

Concepts

SQL (Structured query language)

Structured Query Language, abbreviated as SQL (/ˈsiːkwəl/ "sequel", /ˌɛsˌkjuːˈɛl/ S-Q-L),[4][5] is a domain-specific language used in programming and designed for managing data held in a relational database management system (RDBMS), or for stream processing in a relational data stream management system (RDSMS).

SQL (Structured query language) injection

In computing, SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

RCE (Remote code execution)

In computer security, arbitrary code execution (ACE) is an attacker's ability to run any commands or code of the attacker's choice on a target machine or in a target process. An arbitrary code execution vulnerability is a security flaw in software or hardware allowing arbitrary code execution.
