SQL injections, which have appeared in the OWASP Top 10 for years, are at root vulnerabilities caused by unsanitized user input. Maliciously crafted SQL statements are used to illegally communicate with the application’s database in order to harvest information, manipulate data and, in many cases, even assume full control of the application data.
The most common exploits take place via the log-in fields of unprotected web and mobile applications. Since all modern applications (web and mobile) use centralized databases to deliver and render information, such hacking opportunities exist in many leading e-commerce, social and financial websites and applications.