A Classification of SQL Injection Attacks and Countermeasures

This paper (A Classification of SQL Injection Attacks and Countermeasures) has an excellent section on injection mechanisms, the ways that SQL code is modified to actually perform the injection attack. The attack vectors are:

  • user inputs
  • cookies
  • server variables
  • second-order injection (seeding a SQL injection into a database so that the attack is triggered later)

A section on attack intent outlines the various reasons for an attacker to want to exploit the database:
