Skip to main content

SQL Injection (SQLi)

The DB query is built by concatenating user text.

Category: Web · OWASP Top 10 🎯 Trench — The DB query is built by concatenating user text. You inject malicious SQL and the DB runs it as if it came from the backend. 🔗 Kill chain — Prerequisite: vulnerable parameter. Next: data extraction → auth bypass → RCE via INTO OUTFILE (MySQL) or xp_cmdshell (MSSQL) → system escalation. 📡 Defensive footprint — SQL errors in HTTP response, anomalous response times (blind SQLi), multiple requests with ' OR 1=1 or variants. WAF detects basic signatures trivially. ⚠️ False friend — Running sqlmap with default flags in production. Generates thousands of requests, fires the WAF in seconds and bans your IP within the first minute. 🛡️ Remediation — Prepared statements always. Never concatenate. ORM used properly (no raw()).

Back to the full glossary Last updated: 2026-06-11