Detections
Analytics
SQL Injection
Description
A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands.
Products, Sensors, and Dependencies
| Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes |
|---|---|---|---|---|---|---|
| Tenable Web App Scanning | Web Applications | Authenticated Scan | HTTP/HTTPS | SQL Injection | Plugin ID: 98115 |
References
Attack Path Technique Details
Framework: OWASP
Family: Injection
Technique: SQL Injection
Sub-Technique: SQL Injection
Platform: Web Application
Products Required: Tenable Web App Scanning
Tenable Release Date: 2022 Q2