SQL Injection (SQLi)
The DB query is built by concatenating user text.
Category: Web · OWASP Top 10 🎯 Trench — The DB query is built by concatenating user text. You inject malicious SQL and the DB runs it as if it came from the backend. 🔗 Kill chain — Prerequisite: vulnerable parameter. Next: data extraction → auth bypass → RCE viaINTO OUTFILE (MySQL) or
xp_cmdshell (MSSQL) → system escalation.
📡 Defensive footprint — SQL errors in HTTP response, anomalous
response times (blind SQLi), multiple requests with ' OR 1=1
or variants. WAF detects basic signatures trivially.
⚠️ False friend — Running sqlmap with default flags in
production. Generates thousands of requests, fires the WAF in
seconds and bans your IP within the first minute.
🛡️ Remediation — Prepared statements always. Never
concatenate. ORM used properly (no raw()).
← Back to the full glossary Last updated: 2026-06-11