What Is SQL Injection Attack (SQLi) / How SQL Injection Works - SQL Injection - Part 1

Posted by Suraj Singh on March 14, 2017 · 13 mins read
Hello readers,

                                                        Today, We Will Discuss About SQL Injection Attack (also known as SQLi attack). And How SQL injection works.

so, let's start our discuss,


Q 1. What Is SQL Injection Attack?

Ans . SQL injection is one type of vulnerability in web server. In Which, Attacker Can Insert

different type of SQL statements, syntax and commands (also commonly refers to as a malicious

payload.) and can also execute that statements on server.

With This Attack, A Attacker can control a web application's database server or you can say

Relational Database Management System. That's why, this is very dangerous vulnerability,

One Of The Oldest, And Easy To Exploit Vulnerability (Because Many Types Of Injections

Frameworks and scripts are already developed by many hackers and also available on internet , free
- of - cost).

By Using This Vulnerability, Any Attacker Can Do Many Things But Some Of Them Given Below,

  • Get Controls Of Server,
  • Get Access To Database,
  • Bypass Login Authentication Mechanism,
  • Retrieve Sensitive Data From Database,
  • Adding, Modifying and Deleting Contents in database,
  • And Many More Things.

Now, Our Second Question Is

Q 2. How SQL Injections Works?


In Order To Insert Malicious SQL Query Statements, an attacker must needs to find an input with

in web application or in html page that is included inside of an SQL query.

For A Successful Attack, an attacker need to insert malicious codes in a input place from where,

vulnerable site takes input directly, and includes them within an SQL statement.


After Successful sql injection, an attacker can easily insert a payload that will do attacker work

more easy.


let me show you some practical codes examples

Code 1.

Simple authentications codes.

# Codes Start From Here
# Define POST variables
# THis Is For Username
uname = request.POST['username']

# This Is For Password
passwd = request.POST['password']

# SQL query vulnerable to SQL Injection attack
sql = SELECT id FROM users WHERE username=’” + uname + “’ AND password=’” + passwd + “’”

# Execute the SQL statement With SQLi Codes

# Code Ends HEre

The above example is a vulnerable example.


an attacker could submit malicious input in such a way 


would alter the SQL statement being executed by the database server.

A simple example of an SQL Injection payload could be something 

as simple as 

setting the password field to password’ OR 1=1.

This would result in the following SQL query being run against the database server.

SELECT id FROM users WHERE username=username AND password=password OR 1=1

Q 3. Tools For SQL Injection Attacks?


readers, Here I Am Sharing Some Tools Name And Download Links But 

Note : I Will Not Take Any Type Of Responsibility Of Any Type Of illegal Activity.


So, readers, I think this is Enough For Today,

In My Next Tutorial, You Will See More Deep Details About SQL Injections.

written by ssb

For More Update, Visit Our Regularly. 
And Subscribe Our Blog, 

Follow Us and share it.
For Any Type of Suggestion Or Help
Contact me: