Is your site vulnerable?
If a SQL injection vulnerability exists on a website, the consequences can be very severe. Hackers can use it to gain administrator access, read and modify your database, and steal sensitive information. SQL injection works by making poorly coded SQL statements do something they were not intended to do.
Fortunately, SQL injection is very easy to prevent. Simply sanitize user input, and there won’t be any problems. What is surprising, though, is that hackers have been using this attack for years and many developers still don’t take precautions to prevent it. Just a few months ago, hackers used the techniques in the above article, which was posted 6 years ago, to hack the United Nations website.
A very rudimentary experiment by Michael Sutton showed that a shocking 11.3% of websites are vulnerable to this attack. If you consider that the script only examined a small part of each website, and it excluded sites vulnerable to blind SQL injection, that number is likely even higher.
A more in-depth explanation can be found here.
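To make the "poorly coded SQL statement" concrete, here is an added example (not from the original post) that puts a query built by string pasting next to the same query using bound parameters, which is one common way to keep user input out of the SQL text. The table, the function names and the sample inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory table for the demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "correct-horse"), ("bob", "hunter2")])
    return db

def login_unsafe(db, name, password):
    # Poorly coded: input is pasted into the SQL text, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s' "
           "ORDER BY name" % (name, password))
    return [row[0] for row in db.execute(sql)]

def login_safe(db, name, password):
    # Bound parameters: the statement text is fixed and the input travels
    # separately, so it is only ever compared as a value.
    sql = "SELECT name FROM users WHERE name = ? AND password = ? ORDER BY name"
    return [row[0] for row in db.execute(sql, (name, password))]

def demo():
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input that contains SQL syntax
    results = {
        "unsafe_valid": login_unsafe(db, "bob", "hunter2"),
        "safe_valid": login_safe(db, "bob", "hunter2"),
        # The pasted input rewrites the WHERE clause: every row matches.
        "unsafe_crafted": login_unsafe(db, "alice", crafted),
        # The same input as a bound value matches no stored password.
        "safe_crafted": login_safe(db, "alice", crafted),
        # A harmless apostrophe is handled as plain data here.
        "safe_apostrophe": login_safe(db, "O'Brien", "x"),
    }
    try:
        login_unsafe(db, "O'Brien", "x")
        results["unsafe_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        # Even a legitimate name with a quote breaks the pasted query.
        results["unsafe_apostrophe"] = "syntax error"
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

SQL syntax errors triggered by ordinary input, such as the apostrophe case, are a useful signal when reviewing application logs for queries built this way.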







