this post was submitted on 14 Feb 2025
501 points (99.2% liked)

Not The Onion


"One coder added at least two database entries that are visible on the live site and say “this is a joke of a .gov site” and “THESE ‘EXPERTS’ LEFT THEIR DATABASE OPEN -roro.” "

[–] [email protected] 19 points 1 week ago

SQL injection is like this: you have something you can interact with on the browser, like a form containing different values.

You hit a button and that value is sent and merged into a SQL query.

Say the value is a user ID and you're deleting an account, perhaps your own.

If the coder is incompetent, the API will run this query: "DELETE FROM USERS WHERE ID = "

Which means that if you open the developer console and change the value field for that HTML ID, you can break that SQL line and write more SQL, or you can delete other users based on their ID.

Essentially, editing a frontend input allows that input to be run directly by the SQL engine. It's like having full access.

So through that ID field you can inject more SQL code. There are multiple ways to do this; sometimes the URL itself on a website uses query parameters like "&search=something" and the "something" is injected into the SQL string.

SQL injection is baby's first exploit; this method is like granting everyone DB access.
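An added worked example of the account-deletion scenario the comment above describes. This is my code, not the commenter's and not anything from the .gov site in the article; the `USERS` table, the four sample accounts and the function names are all constructed for the demo. It runs the same request value through three code paths: the string-concatenation pattern from the comment, a version that binds the value as a parameter, and a version that also checks that the session owns the account being deleted (parameter binding alone stops the injected SQL, but not the "just type someone else's ID" case).

```python
import sqlite3

# Constructed sample data, not from the article: four accounts in a USERS table.
SAMPLE_USERS = [(1, "alice"), (2, "bob"), (3, "carol"), (4, "dave")]


def fresh_db():
    """In-memory SQLite database seeded with the sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE USERS (ID INTEGER PRIMARY KEY, NAME TEXT NOT NULL)")
    conn.executemany("INSERT INTO USERS (ID, NAME) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def remaining_ids(conn):
    """IDs still present, in order, so each demo can report what survived."""
    return [row[0] for row in conn.execute("SELECT ID FROM USERS ORDER BY ID")]


def delete_user_vulnerable(conn, user_id):
    """The pattern the comment describes: the request value is pasted into the
    query text, so whatever the browser sent becomes part of the SQL itself."""
    query = "DELETE FROM USERS WHERE ID = " + user_id
    conn.execute(query)
    conn.commit()
    return query  # the exact SQL that ran, for inspection


def delete_user_parameterized(conn, user_id):
    """Fix 1: bind the value as a parameter. The database compares it as data,
    so '2 OR 1=1' is just a string that matches no ID. Returns rows deleted."""
    cur = conn.execute("DELETE FROM USERS WHERE ID = ?", (user_id,))
    conn.commit()
    return cur.rowcount


def delete_own_account(conn, session_user_id, requested_id):
    """Fix 2: authorization. Only delete the account the logged-in session owns,
    so editing the hidden form field to another user's ID is refused."""
    if str(session_user_id) != requested_id:
        return False
    delete_user_parameterized(conn, requested_id)
    return True


def demo_vulnerable(payload):
    """One request value through the vulnerable path on a fresh database."""
    conn = fresh_db()
    delete_user_vulnerable(conn, payload)
    return remaining_ids(conn)


def demo_parameterized(payload):
    """One request value through the parameter-binding path on a fresh database."""
    conn = fresh_db()
    delete_user_parameterized(conn, payload)
    return remaining_ids(conn)


def demo_own_account(session_user_id, payload):
    """One request value through the authorized path; returns (accepted, survivors)."""
    conn = fresh_db()
    accepted = delete_own_account(conn, session_user_id, payload)
    return accepted, remaining_ids(conn)


if __name__ == "__main__":
    print("vulnerable, payload '2':        ", demo_vulnerable("2"))
    print("vulnerable, payload '3':        ", demo_vulnerable("3"))
    print("vulnerable, payload '2 OR 1=1': ", demo_vulnerable("2 OR 1=1"))
    print("parameterized, '2 OR 1=1':      ", demo_parameterized("2 OR 1=1"))
    print("parameterized, '3':             ", demo_parameterized("3"))
    print("own account, session 2, '3':    ", demo_own_account(2, "3"))
    print("own account, session 2, '2':    ", demo_own_account(2, "2"))
```

The tautology payload `2 OR 1=1` empties the table through the concatenated query and does nothing through the bound one. Note that the bound query still happily deletes user 3 when the field says `3`: that is not SQL injection, it is a missing ownership check, which is why the third function compares the requested ID against the session before running anything.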