Abstract: This SQL injection is a software vulnerability that occurs when data entered by users is sent to the sql interpreter as a part of SQL query. Attackers provide specially crafted input data to the SQL interpreter and trick the interpreter to execute unintended commands. Attackers utilize this vulnerability by providing specially crafted input data to the SQL interpreter in such a manner that the interpreter is not able to distinguish between the intended commands and the attacker’s specially crafted data. The interpreter is tricked into executing unintended commands. A SQL injection attack exploits security vulnerabilities at the database layer. By exploiting the SQL injection flaw, attackers can read, modify or delete sensitive data.

Keywords: Attacker, database, query, injection.