04 Jul 2018
Inline Queries SQL Injection (SQLi)
04 Jul 2018
OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05
When a string is written in the code instead of in a table in the database, it is referred to as “inline SQL”. The best way is to use string objects to build a query based on user input from the front end. Inline SQL exposes the command to SQL injection. The outcome can have catastrophic repercussions on the server including massive data breach.
Example
The below code is an example of an inline structure.
$query = 'select usrnme, passwrd from User where user_id='. $_POST['user_id'];
Here user_id is taken from the textbox. This technique leaves the door open for attackers to attack. Using this query with SQLi, an attacker could potentially gain access to the administrator’s credentials.
Impact and Fixes
Latest Articles
IMAP/SMTP injection
September 12 2023
7 limitations of vulnerability scanners
September 10 2023
Clickjacking attack
September 10 2023
Session Fixation Attack
July 30 2023
Vulnerability management using AI
June 29 2023
Popular in Injection
WordPress Authenticated SQL Injection
June 29 2022
SQL injection(SQLi)
May 4 2022
Union Query SQL Injection (SQLi)
July 4 2018
Stacked Queries SQL Injection (SQLi)
July 4 2018
Inline Queries SQL Injection (SQLi)
July 4 2018
Categories
Client Side URL Redirect Cookies Attributes IBM SQL Injection Injection Time Based Blind SQL Injection SSL CRLF Content Security Policy CSRF HSTS CORS Information Leakage status code SRI metadata X-XSS-Protection owasp XSS Clickjacking Cookies Directory traversal DOM XSS Blind SQL Injection XML Injection blog TLS WordPress web security SMB Cyber attacks AI Web server Data Security DOMECTF2020 Container security CMS Security Code Execution Htaccess Bypass DOMECTF2021 Press Webinar RFI DevSecOps DOMECTF2022 openssl HTTP headers Compliance AppSec
Related Articles
