injected into the legitimate SQL statement called for that page. This type of attack has traditionally been considered time-intensive because a new statement needed to be crafted for each bit recovered, and depending on its structure, the attack may consist of many unsuccessful requests. Recent advancements have allowed each request to recover multiple bits, with no unsuccessful requests, allowing for more consistent and efficient extraction. There are several tools that can automate these attacks once the location of the vulnerability and the target information has been established.

-based company that runs a large online supermarket site. The attack also affected seven business partners including supermarket chains Izumiya Co, Maruetsu Inc, and Ryukyu Jusco Co. The theft of data affected a reported 12,191 customers. As of August 14, 2010 it was reported that there have been more than 300 cases of credit card information being used by third parties to purchase goods and services in China.

against SQL injection might execute that stored SQL statement. This attack requires more knowledge of how submitted values are later used. Automated web application security scanners would not easily detect this type of SQL injection and may need to be manually instructed where to check for evidence that it is being attempted.

) instead of embedding user input in the statement. A placeholder can only store a value of the given type and not an arbitrary SQL fragment. Hence the SQL injection would simply be treated as a strange (and probably invalid) parameter value. In many cases, the SQL statement is fixed, and each parameter is a

SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically

provide an object-oriented interface for queries over a relational database. Most, if not all, ORMs automatically handle the escaping needed to prevent SQL injection attacks as a part of the framework's query API. However, many ORMs provide the ability to bypass their mapping facilities and emit

respectively. If the original review loads with the "1=1" URL and a blank or error page is returned from the "1=2" URL, and the returned page has not been created to alert the user that the input is invalid (in other words, the input has not been caught by an input test script), the site is likely vulnerable to an

Second-order SQL injection occurs when submitted values contain malicious commands that are stored rather than executed immediately. In some cases, the application may correctly encode a SQL statement and store it as valid SQL. Then, another part of that application without controls to protect

This SQL code is designed to pull up the records of the specified username from its table of users. However, if the "userName" variable is crafted in a specific way by a malicious user, the SQL statement may do more than the code author intended. For example, setting the "userName" variable as:

Blind SQL injection is used when a web application is vulnerable to a SQL injection, but the results of the injection are not visible to the attacker. The page with the vulnerability may not be one that displays data but will display differently depending on the results of a logical statement

, which would show the book review on a server running MySQL 4 and a blank or error page otherwise. The hacker can continue to use code within query strings to achieve their goal directly, or to glean more information from the server in hopes of discovering another avenue of attack.

Retailers suffer 2x as many SQL injection attacks as other industries. / While most web applications receive 4 or more web attack campaigns per month, some websites are constantly under attack. / One observed website was under attack 176 out of 180 days, or 98% of the

SQL injection occurs when specially crafted user input is processed by the receiving program in a way that allows the input to exit a data context and enter a command context. This allows the attacker to alter the structure of the SQL statement which is executed.

In February 2002, Jeremiah Jacks discovered that Guess.com was vulnerable to an SQL injection attack, permitting anyone able to construct a properly-crafted URL to pull down 200,000+ names, credit card numbers and expiration dates in the site's customer

SQL injection is a common security vulnerability that arises from letting attacker-supplied data become SQL code. This happens when programmers assemble SQL queries either by string interpolation or by concatenating SQL commands with user-supplied data.

, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. Document-oriented

On November 4, 2013, hacktivist group "RaptorSwag" allegedly compromised 71 Chinese government databases using an SQL injection attack on the Chinese Chamber of International Commerce. The leaked data was posted publicly in cooperation with

bookreviews. The query happens completely on the server; the user does not know the names of the database, table, or fields, nor does the user know the query string. The user only sees that the above URL returns a book review. A

The following value of "userName" in the statement below would cause the deletion of the "users" table as well as the selection of all data from the "userinfo" table (in essence revealing the information of every user), using an

Depending solely on the programmer to diligently escape all query parameters presents inherent risks, given the potential for oversights in the process. To mitigate this vulnerability, programmers may opt to develop their own

reported that security experts were stunned that such a large company would be vulnerable to it. Techniques like pattern matching, software testing, and grammar analysis are some common ways to mitigate these attacks.

Limiting the permissions on the database login used by the web application to only what is needed may help reduce the effectiveness of any SQL injection attacks that exploit any bugs in the web application.

Integer, float, or Boolean string parameters can be checked to determine if their value is a valid representation of the given type. Strings that must adhere to a specific pattern or condition (e.g. dates,

This form of injection relies on the fact that SQL statements consist of both data used by the SQL statement and commands that control how the SQL statement is executed. For example, in the SQL statement

has a hacking program called SQL_MemCorrupt. It is described as injecting a table entry that causes a corruption error in an SQL database, then queries said table, causing an SQL database crash and core

and this will select all person rows rather than just those named 'susan' whose age is 2. The attacker has managed to craft a data string which exits the data context and enters a command context.
, a database logon could be restricted from selecting on some of the system tables which would limit exploits that try to insert JavaScript into all the text columns in the database.

SQL injection attack as the query will likely have passed through successfully in both cases. The hacker may proceed with this query string designed to reveal the version number of

. The hackers claimed that they were trying to "raise awareness towards the changes made in today's education", bemoaning changing education laws in Europe and increases in

. He gained access to the site's administrative control panel and exploited an SQL injection vulnerability that enabled him to collect user account information, including

On October 1, 2012, a hacker group called "Team GhostShell" published the personal records of students, faculty, employees, and alumni from 53 universities, including

all characters that have a special meaning in SQL. The manual for an SQL DBMS explains which characters have a special meaning, which allows creating a comprehensive

On September 19, 2007 and January 26, 2009 the Turkish hacker group "m0sted" used SQL injection to exploit Microsoft's SQL Server to hack web servers belonging to

One type of blind SQL injection forces the database to evaluate a logical statement on an ordinary application screen. As an example, a book review website uses a

function do not allow this for security reasons. This prevents attackers from injecting entirely separate queries, but doesn't stop them from modifying queries.

was hacked by LulzSec, most likely through use of SQL injection; the full process used by hackers to execute SQL injections was described in this

website that was able to extract 8% of the username/password pairs: 8,000 random accounts of the 9,000 active and 90,000 old or inactive accounts.

, and two unnamed Russians with the theft of 130 million credit card numbers using an SQL injection attack. In reportedly "the biggest case of

In October 2015, an SQL injection attack was used to steal the personal details of 156,959 customers from British telecommunications company

If this code were to be used in an authentication procedure then this example could be used to force the selection of every data field (*) from

or using comments to even block the rest of the query (there are three types of SQL comments). All three lines have a space at the end:

named to carry out an SQL injection. As a result of this cartoon, SQL injection is sometimes informally referred to as "Bobby Tables".
With most development platforms, parameterized statements that work with parameters can be used (sometimes called placeholders or

, began in the late 1990s. SQL injection was considered one of the top 10 web application vulnerabilities of 2007 and 2010 by the

While most SQL server implementations allow multiple statements to be executed with one call in this way, some SQL APIs such as

. Many databases will ignore the text after the '--' string as this denotes a comment. The structure of the SQL command is now

users rather than from one specific user name as the coder intended, because the evaluation of '1'='1' is always true.

An SQL injection is a well-known attack and easily prevented by simple measures. After an apparent SQL injection

valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.

through an SQL injection attack. The vulnerability was introduced into the Gab codebase by Fosco Marotto, Gab's

website and allegedly stole credit card data from individuals who have done business online with state agencies.

raw SQL statements; improper use of this functionality can introduce the possibility for an injection attack.

received four attack campaigns per month, and retailers received twice as many attacks as other industries.

) so that the database understands the single quote is part of a given string, rather than its terminator.

semantics; the following example parameterizes a SQL query by escaping username and password parameters:
in American history", the man stole cards from a number of corporate victims after researching their

Unauthorized login to websites by means of SQL injection forms the basis of one of the subplots in

Over a period of 4 hours on April 27, 2011, an automated SQL injection attack occurred on

Imagine a program creates a SQL statement using the following string assignment command:

in an application's software, for example, when user input is either incorrectly filtered for

information security magazine from the Tech Target group and steal customers' information.

"SELECT * FROM `Users` WHERE UserName='%s' AND Password='%s'"

of characters that need translation. For instance, every occurrence of a single quote (
used an SQL injection to gain access to customers' credit card data from Neo Beat, an

On November 1, 2005, a teenaged hacker used SQL injection to break into the site of a

The program will use the same string concatenation approach with the 3 fragments of

' in the above statement was provided by user input. The user entered the string '

' (without the apostrophes) in a web form text entry field, and the program used

. In 2013, SQL injection was rated the number one attack on the OWASP top ten.

, phone numbers) can also be checked to determine if said pattern is matched.

a voter attempted a code injection by hand writing SQL commands as part of a

from which it would populate the review page with data from the review with

statements are inserted into an entry field for execution (e.g. to dump the

-based computer security company Hold Security disclosed that it uncovered

a hacker group was reported to have stolen 450,000 login credentials from

confirmed this finding by hiring a security expert to check the claim.
This input renders the final SQL statement as follows:

renders one of the following SQL statements by the parent language:

statements to form the above SQL statement from the three fragments

In July 2010, a South American security researcher who goes by the

's website, accessing the personal information of a million users.

In 2014, an individual in Poland legally renamed his business to

"Ch Russo" obtained sensitive user information from popular

for websites but can be used to attack any type of SQL database.

, download keys, and passwords that were stored in plaintext on

. A second attack against Gab was launched the next week using

and usernames of employees were among the information obtained.

databases can also be affected by this security vulnerability.

and unexpectedly executed. SQL injection is mostly known as an

and records of which torrents individual users have uploaded.

A classification of SQL injection attacking vector as of 2010

) in a string parameter must be prepended with a backslash (

servers, exploiting a vulnerability in a legacy web portal.

. The user input is then assigned (bound) to a parameter.

Discussions of SQL injection, such as a 1998 article in

contents to the attacker). SQL injection must exploit a

from nearly 420,000 websites through SQL injections.

. Among the companies hit were credit card processor

website was compromised by a Romanian hacker named
Dariusz Jakubowski x'; DROP TABLE users; SELECT '1

. The group breached Yahoo's security by using a "

to determine which book review to display. So the

"SELECT * FROM users WHERE name = '"

In a 2012 study, it was observed that the average

in an attempt to disrupt operation of spammers'

embedded in SQL statements or user input is not

had been downloaded via an SQL injection attack

layers to automate the escaping of parameters.

' OR '1'='1' -- 
' OR '1'='1' { 
' OR '1'='1' /* 

were accused of using SQL injection to steal

was compromised using an SQL injection flaw.

The simplest way to prevent injections is to

data-driven applications, in which malicious

As a simple example, imagine that the data '

From July 24 to 26, 2010, attackers from

A more complex example is now presented.

SQL injection attacks allow attackers to

In early 2021, 70 gigabytes of data was

function to escape strings according to

would cause the server to run the query

tokens stolen during the first attack.

and were allegedly taken from a Yahoo

Now imagine that instead of entering '

is an example of a command (the value

Incorrectly constructed SQL statements

https://books.example.com/review?id=5

Open Web Application Security Project
Sexual and Violent Offender Registry

a theft of confidential information

United States Department of Justice

" after being informed that 10,597

that allows multiple statements:

Robert'); DROP TABLE Students;--

-based SQL injection technique".

On November 8, 2010 the British

computer criminals broke into a

McAlester Army Ammunition Plant

is also data in this example).

identity, tamper with existing

, which may result in queries

cartoon involved a character

2010 Swedish general election

charged an American citizen,

tuition in the United States

. The logins were stored in

and construct the statement

from the far-right website

On September 19 during the

shut down its website for "

mysqli_real_escape_string()

' is data and the fragment

, convenience store chain

payment processing systems

US Army Corps of Engineers

Second-order SQL injection

Computer hacking technique
Heartland Payment Systems

(ORM) frameworks such as

Object–relational mapping

Object relational mappers

, and supermarket chain

On August 17, 2009, the

Parameterized statements

Social Security numbers

On April 13, 2008, the

Rhode Island government

running on the server:

' the attacker entered

security vulnerability

On January 13, 2006,

'db_password'

'db_username'

Conditional responses

, the user input of '

University of Zurich

using SQL injection.

Microsoft SQL Server

Database permissions

, the user input of

string concatenation

On April 11, 2011,

routine maintenance

Blind SQL injection

The Casual Vacancy

In popular culture

The New York Times

On June 1, 2011, "

Barracuda Networks

Hannaford Brothers

Prepared statement

real_escape_string

real_escape_string

'hostname'

attack on TalkTalk

can load the URLs

technique used to

Broadband Reports

'db_name'

5, stored in the

"'"

escape characters
In August 2014,
For example, on
1876:harvesting bots
1841:
1699:" of the group
1683:Email addresses
1635:password hashes
1589:Albert Gonzalez
1524:
1519:
1518:
1515:
1512:
1509:
1506:
1503:
1500:
1497:
1494:
1491:
1488:
1485:
1482:
1479:
1476:
1473:
1470:
1467:
1464:
1461:
1458:
1455:
1452:
1449:
1446:
1443:
1440:
1437:
1434:
1431:
1428:
1425:
1422:
1419:
1416:
1413:
1410:
1407:
1404:
1401:
1398:
1395:
1392:
1389:
1386:
1383:
1369:
1356:
1336:
1330:
1310:
1297:
1296:
1293:
1290:
1287:
1284:
1281:
1278:
1275:
1272:
1269:
1266:
1263:
1260:
1257:
1254:
1251:
1248:
1245:
1242:
1239:
1236:
1233:
1230:
1227:
1224:
1221:
1218:
1215:
1212:
1209:
1206:
1203:
1200:
1197:
1194:
1191:
1188:
1185:
1174:
1166:
1162:
1151:
1134:
1125:
1114:
1111:
1108:
1105:
1102:
1099:
1096:
1093:
1090:
1087:
1084:
1081:
1078:
1075:
1072:
1069:
1066:
1063:
1060:
1057:
1054:
1051:
1048:
1045:
1042:
1039:
1036:
1033:
1030:
1027:
1024:
1022:
1014:
1013:
1010:
1007:
1004:
1001:
998:
995:
992:
989:
986:
983:
980:
977:
974:
971:
968:
965:
962:
959:
956:
953:
950:
947:
944:
941:
938:
935:
926:
923:
920:
918:' AND '
917:
914:
911:
908:
905:
902:
899:
896:
893:
890:
887:
884:
881:
878:
875:
873:
867:
864:
861:
858:
855:
852:
849:
846:
843:
840:
837:
834:
831:
828:
825:
822:
819:
816:
814:
798:
797:
794:
791:
788:
785:
782:
779:
776:
773:
770:
763:
753:
744:
735:
728:
727:
724:
721:
718:
715:
712:
709:
706:
703:
700:
697:
694:
691:
688:
685:
682:
679:
676:
673:
670:
667:
664:
661:
651:
648:
645:
642:
639:
636:
633:
630:
627:
624:
621:
618:
615:
596:
595:
592:
589:
586:
583:
580:
577:
574:
571:
568:
565:
562:
559:
556:
553:
552:
549:
546:
543:
540:
537:
534:
531:
528:
525:
522:
519:
516:
513:
507:
501:
490:
487:
484:
481:
478:
475:
472:
469:
466:
452:
449:
446:
443:
440:
437:
434:
431:
428:
425:
422:
419:
416:
410:
407:
404:
401:
398:
395:
392:
389:
386:
383:
380:
377:
374:
371:
365:
362:
359:
356:
353:
347:
344:
341:
338:
335:
332:
329:
323:
320:
317:
314:
311:
308:
305:
302:
293:
290:
287:
284:
281:
278:
275:
269:
260:
257:
254:
251:
248:
242:
236:
233:
230:
227:
224:
221:
218:
215:
205:
199:
186:
180:
177:
174:
171:
165:
159:
156:
153:
150:
148:'susan'
147:
144:
141:
138:
135:
132:
129:
126:
121:
112:
100:Phrack Magazine
96:
88:web application
17:
12:
11:
5:
3805:
3803:
3795:
3794:
3789:
3779:
3778:
3772:
3771:
3769:
3768:
3766:Site isolation
3763:
3758:
3757:
3756:
3750:
3740:
3739:
3738:
3733:
3722:
3717:
3712:
3707:
3702:
3697:
3696:
3695:
3690:
3680:
3679:
3678:
3673:
3672:
3671:
3664:Authentication
3656:
3655:
3654:
3653:
3652:
3642:
3639:
3628:
3626:
3622:
3621:
3619:
3618:
3613:
3608:
3603:
3598:
3593:
3588:
3583:
3578:
3573:
3568:
3563:
3558:
3553:
3548:
3543:
3538:
3533:
3528:
3523:
3518:
3517:
3516:
3506:
3501:
3496:
3491:
3486:
3481:
3476:
3471:
3466:
3464:Email spoofing
3461:
3456:
3451:
3446:
3441:
3436:
3431:
3426:
3421:
3416:
3411:
3406:
3404:DOM clobbering
3401:
3396:
3391:
3386:
3384:Code injection
3381:
3376:
3375:
3374:
3369:
3364:
3359:
3351:
3346:
3341:
3336:
3330:
3328:
3322:
3321:
3311:
3309:
3307:
3306:
3301:
3296:
3291:
3286:
3281:
3276:
3271:
3266:
3264:Cyberterrorism
3261:
3256:
3255:
3254:
3252:Computer fraud
3249:
3239:
3234:
3228:
3226:
3222:
3221:
3216:
3214:
3213:
3206:
3199:
3191:
3185:
3184:
3179:
3173:
3160:
3154:
3146:
3145:External links
3143:
3141:
3140:
3123:Niebezpiecznik
3110:
3084:
3057:
3038:
3019:
2993:
2969:
2952:Damon Poeter.
2945:
2928:Softpedia News
2914:
2905:New York Times
2891:
2860:
2835:Ngak, Chenda.
2827:
2801:
2772:
2746:
2720:
2694:
2676:
2649:
2623:
2597:
2579:
2553:
2522:
2492:
2466:
2440:
2418:
2392:
2366:
2352:
2322:
2295:
2254:
2228:
2202:
2167:
2141:
2115:
2086:
2049:
2028:
2001:(2): 188–197.
1982:
1950:
1948:
1945:
1944:
1943:
1938:
1933:
1928:
1923:
1917:
1911:
1906:
1901:
1899:Code injection
1894:
1891:
1890:
1889:
1881:The 2015 game
1879:
1868:
1861:'s 2012 novel
1855:
1840:
1837:
1836:
1835:
1816:
1809:
1792:
1784:
1749:
1723:
1714:In June 2011,
1712:
1693:
1686:
1675:
1664:
1653:
1638:
1624:The Pirate Bay
1612:
1593:identity theft
1581:
1558:
1547:
1536:
1529:
1523:
1520:
1382:
1368:
1365:
1355:
1352:
1340:bind variables
1332:Main article:
1329:
1326:
1309:
1306:
1184:
1150:
1147:
1133:
1130:
1124:
1121:
934:
859:' OR '
769:
752:
749:
743:
740:
660:
555:
512:
505:
499:
411:-- and age = 2
120:
117:
111:
108:
95:
92:
62:strongly typed
55:string literal
35:code injection
29:In computing,
15:
13:
10:
9:
6:
4:
3:
2:
3804:
3793:
3790:
3788:
3785:
3784:
3782:
3767:
3764:
3762:
3759:
3754:
3751:
3749:
3746:
3745:
3744:
3741:
3737:
3734:
3731:
3728:
3727:
3726:
3723:
3721:
3718:
3716:
3713:
3711:
3708:
3706:
3703:
3701:
3698:
3694:
3691:
3689:
3686:
3685:
3684:
3681:
3677:
3676:Authorization
3674:
3670:
3667:
3666:
3665:
3662:
3661:
3660:
3657:
3651:
3648:
3647:
3646:
3643:
3640:
3638:
3637:Secure coding
3635:
3634:
3633:
3630:
3629:
3627:
3623:
3617:
3614:
3612:
3609:
3607:
3606:SQL injection
3604:
3602:
3599:
3597:
3594:
3592:
3589:
3587:
3586:Vulnerability
3584:
3582:
3579:
3577:
3574:
3572:
3571:Trojan horses
3569:
3567:
3566:Software bugs
3564:
3562:
3559:
3557:
3554:
3552:
3549:
3547:
3544:
3542:
3539:
3537:
3534:
3532:
3529:
3527:
3524:
3522:
3519:
3515:
3512:
3511:
3510:
3507:
3505:
3502:
3500:
3497:
3495:
3492:
3490:
3487:
3485:
3482:
3480:
3477:
3475:
3472:
3470:
3467:
3465:
3462:
3460:
3457:
3455:
3454:Eavesdropping
3452:
3450:
3447:
3445:
3444:Data scraping
3442:
3440:
3437:
3435:
3432:
3430:
3427:
3425:
3422:
3420:
3417:
3415:
3414:Cryptojacking
3412:
3410:
3407:
3405:
3402:
3400:
3397:
3395:
3392:
3390:
3387:
3385:
3382:
3380:
3377:
3373:
3370:
3368:
3365:
3363:
3360:
3358:
3355:
3354:
3352:
3350:
3347:
3345:
3342:
3340:
3337:
3335:
3332:
3331:
3329:
3327:
3323:
3315:
3305:
3302:
3300:
3297:
3295:
3292:
3290:
3287:
3285:
3282:
3280:
3277:
3275:
3272:
3270:
3267:
3265:
3262:
3260:
3257:
3253:
3250:
3248:
3245:
3244:
3243:
3240:
3238:
3235:
3233:
3230:
3229:
3227:
3223:
3219:
3212:
3207:
3205:
3200:
3198:
3193:
3192:
3189:
3183:
3180:
3177:
3174:
3171:
3167:
3164:
3161:
3158:
3155:
3152:
3149:
3148:
3144:
3133:September 26,
3128:
3124:
3120:
3114:
3111:
3098:
3094:
3088:
3085:
3072:
3068:
3061:
3058:
3053:
3049:
3042:
3039:
3034:
3030:
3023:
3020:
3007:
3003:
2997:
2994:
2990:
2986:
2982:
2979:
2973:
2970:
2966:
2962:
2958:
2955:
2949:
2946:
2933:
2929:
2925:
2918:
2915:
2910:
2906:
2902:
2895:
2892:
2879:
2875:
2871:
2864:
2861:
2848:
2844:
2843:
2838:
2831:
2828:
2815:
2811:
2805:
2802:
2790:
2786:
2782:
2776:
2773:
2760:
2756:
2750:
2747:
2734:
2730:
2724:
2721:
2708:
2704:
2698:
2695:
2690:
2686:
2680:
2677:
2664:
2660:
2653:
2650:
2637:
2633:
2627:
2624:
2611:
2607:
2601:
2598:
2593:
2589:
2583:
2580:
2567:
2563:
2557:
2554:
2541:
2537:
2536:The Daily WTF
2533:
2526:
2523:
2510:
2506:
2502:
2496:
2493:
2480:
2476:
2470:
2467:
2454:
2450:
2444:
2441:
2436:
2432:
2431:SecurityFocus
2428:
2422:
2419:
2406:
2402:
2396:
2393:
2380:
2376:
2370:
2367:
2362:
2356:
2353:
2340:
2336:
2332:
2326:
2323:
2310:
2306:
2299:
2296:
2291:
2285:
2269:
2265:
2258:
2255:
2242:
2238:
2232:
2229:
2216:
2212:
2206:
2203:
2188:
2184:
2177:
2171:
2168:
2155:
2151:
2145:
2142:
2129:
2125:
2119:
2116:
2111:
2107:
2103:
2102:
2097:
2090:
2087:
2083:
2067:
2060:
2053:
2050:
2038:
2032:
2029:
2024:
2020:
2016:
2012:
2008:
2004:
2000:
1996:
1989:
1987:
1983:
1979:
1966:
1962:
1955:
1952:
1946:
1942:
1939:
1937:
1934:
1932:
1929:
1927:
1924:
1921:
1918:
1915:
1912:
1910:
1907:
1905:
1902:
1900:
1897:
1896:
1892:
1886:
1885:
1880:
1877:
1873:
1869:
1866:
1865:
1860:
1856:
1853:
1849:
1848:
1843:
1842:
1838:
1833:
1829:
1825:
1821:
1817:
1814:
1810:
1807:
1806:
1801:
1797:
1793:
1790:
1785:
1782:
1778:
1774:
1770:
1769:Johns Hopkins
1766:
1762:
1758:
1754:
1750:
1747:
1743:
1742:Yahoo! Voices
1739:
1735:
1731:
1727:
1724:
1721:
1717:
1713:
1710:
1706:
1702:
1698:
1694:
1691:
1687:
1684:
1680:
1676:
1673:
1669:
1665:
1662:
1658:
1654:
1651:
1647:
1643:
1639:
1636:
1633:
1629:
1625:
1621:
1617:
1613:
1610:
1606:
1602:
1598:
1594:
1590:
1586:
1582:
1579:
1578:sex offenders
1576:belonging to
1575:
1571:
1567:
1563:
1559:
1557:respectively.
1556:
1552:
1548:
1545:
1541:
1537:
1534:
1530:
1526:
1525:
1521:
1380:
1378:
1373:
1366:
1364:
1362:
1354:Pattern check
1353:
1351:
1349:
1345:
1341:
1335:
1327:
1325:
1322:
1318:
1314:
1307:
1305:
1303:
1182:
1180:
1173:provides the
1172:
1160:
1156:
1148:
1146:
1143:
1140:in 2015, the
1139:
1131:
1129:
1122:
1120:
1020:
932:
812:
807:
803:
767:
762:
758:
750:
748:
741:
739:
736:mysql_query()
733:
658:
655:
611:
609:
603:
601:
510:
504:
498:
494:
463:
460:
457:
298:
265:
212:
195:
191:
118:
116:
109:
107:
105:
101:
93:
91:
89:
84:
82:
78:
74:
69:
67:
66:attack vector
63:
59:
56:
52:
48:
44:
40:
36:
32:
31:SQL injection
23:
19:
3710:Data masking
3605:
3269:Cyberwarfare
3131:. Retrieved
3122:
3113:
3101:. Retrieved
3097:the original
3087:
3077:February 26,
3075:. Retrieved
3060:
3052:Ars Technica
3051:
3041:
3033:Ars Technica
3032:
3022:
3010:. Retrieved
3006:the original
2996:
2988:
2972:
2964:
2948:
2938:February 27,
2936:. Retrieved
2927:
2917:
2904:
2894:
2884:February 18,
2882:. Retrieved
2873:
2863:
2851:. Retrieved
2840:
2830:
2818:. Retrieved
2814:the original
2804:
2793:, retrieved
2789:the original
2784:
2775:
2763:. Retrieved
2759:the original
2749:
2737:. Retrieved
2733:the original
2723:
2711:. Retrieved
2697:
2689:the original
2679:
2669:November 25,
2667:. Retrieved
2663:the original
2652:
2642:November 15,
2640:. Retrieved
2626:
2614:. Retrieved
2600:
2582:
2570:. Retrieved
2556:
2544:. Retrieved
2525:
2515:December 17,
2513:. Retrieved
2495:
2483:. Retrieved
2479:the original
2469:
2457:. Retrieved
2453:the original
2443:
2435:the original
2421:
2409:. Retrieved
2395:
2385:February 24,
2383:. Retrieved
2378:
2369:
2355:
2343:. Retrieved
2334:
2325:
2313:. Retrieved
2309:the original
2298:
2272:. Retrieved
2268:the original
2257:
2245:. Retrieved
2241:the original
2231:
2219:. Retrieved
2215:the original
2205:
2194:, retrieved
2187:the original
2182:
2170:
2158:. Retrieved
2144:
2132:. Retrieved
2118:
2105:
2099:
2089:
2080:
2073:. Retrieved
2066:the original
2052:
2042:November 15,
2040:. Retrieved
2031:
1998:
1995:IET Software
1994:
1976:
1969:. Retrieved
1954:
1882:
1871:
1862:
1859:J.K. Rowling
1851:
1845:
1803:
1777:pastebin.com
1726:In July 2012
1628:IP addresses
1374:
1370:
1357:
1337:
1321:ActiveRecord
1311:
1298:
1152:
1135:
1126:
1015:
799:
757:query string
754:
745:
729:
656:
612:
604:
599:
597:
508:
502:
495:
464:
461:
458:
299:
266:
196:
192:
163:the string '
122:
113:
97:
85:
70:
30:
28:
18:
3650:Misuse case
3484:Infostealer
3459:Email fraud
3424:Data breach
3259:Cybergeddon
3153:, by OWASP.
3103:October 30,
3012:October 23,
2965:PC Magazine
2459:December 1,
2345:October 26,
2315:December 6,
2274:December 6,
2247:October 18,
1959:Microsoft.
1926:SGML entity
1820:exfiltrated
1697:hacktivists
1302:abstraction
1097:'.'
1008:'2'
1002:'1'
996:'5'
984:bookreviews
969:'1'
963:'1'
957:'5'
945:bookreviews
924:'='
865:'='
792:'5'
780:bookreviews
722:'t'
716:'t'
683:'a'
643:'t'
590:'1'
584:'1'
547:'1'
541:'1'
500:' OR '1'='1
110:Root causes
3781:Categories
3715:Encryption
3591:Web shells
3531:Ransomware
3479:Hacktivism
3242:Cybercrime
2572:August 17,
2160:August 13,
1947:References
1813:TalkTalk's
1771:, and the
1734:plain text
1668:Royal Navy
1620:BitTorrent
1399:sysobjects
1273:$ password
1255:$ username
1132:Mitigation
578:''
535:''
438:''
393:''
3546:Shellcode
3541:Scareware
3389:Crimeware
3349:Backdoors
2765:April 29,
2739:April 29,
2152:. OWASP.
2126:. OWASP.
2075:August 4,
2023:233582569
2015:1751-8806
1971:August 4,
1796:Milwaukee
1789:Anonymous
1757:Princeton
1738:subdomain
1533:Taiwanese
1528:database.
1317:Hibernate
1159:blacklist
1091:@@version
1073:@@version
1067:substring
593:-- ';
470:statement
3720:Firewall
3625:Defenses
3551:Spamming
3536:Rootkits
3509:Phishing
3469:Exploits
3166:Archived
3127:Archived
3071:Archived
2981:Archived
2957:Archived
2932:Archived
2909:Archived
2878:Archived
2853:July 16,
2847:Archived
2842:CBS News
2707:Archived
2636:Archived
2610:Archived
2592:Archived
2566:Archived
2540:Archived
2509:Archived
2411:March 3,
2405:Archived
2339:Archived
2335:BBC News
2284:cite web
2262:macd3v.
2154:Archived
2128:Archived
2110:Archived
1965:Archived
1893:See also
1761:Stanford
1661:write-in
1605:7-Eleven
1566:Oklahoma
1553:and the
1522:Examples
1507:packages
1346:, not a
1279:$ mysqli
1261:$ mysqli
1243:$ mysqli
1186:$ mysqli
1149:Escaping
710:userinfo
637:userinfo
482:userName
47:database
3561:Spyware
3504:Payload
3499:Malware
3439:Viruses
3419:Botnets
3326:Threats
2820:July 1,
2795:June 3,
2713:June 3,
2616:June 3,
2546:May 16,
2485:May 16,
2221:July 8,
2196:June 4,
2134:June 3,
1884:Hacknet
1844:A 2007
1765:Cornell
1753:Harvard
1720:Imperva
1705:coupons
1701:LulzSec
1672:TinKode
1540:Russian
1426:objects
1291:$ query
1231:sprintf
1225:$ query
1037:example
891:example
832:example
246:', and
94:History
3755:(SIEM)
3732:(HIDS)
3616:Zombie
3353:Bombs
3334:Adware
2021:
2013:
1832:OAuth2
1730:Yahoo!
1616:handle
1495:select
1468:select
1453:tables
1441:select
1414:select
1387:select
1344:scalar
1195:mysqli
1155:escape
1049:review
975:SELECT
936:SELECT
903:review
844:review
811:hacker
771:SELECT
701:SELECT
662:SELECT
628:SELECT
557:SELECT
514:SELECT
426:person
417:select
381:person
372:select
351:, and
312:person
303:select
225:person
216:select
136:person
127:select
39:attack
3601:Worms
3596:Wiper
3514:Voice
3362:Logic
2874:ZDNet
2190:(PDF)
2179:(PDF)
2082:time.
2069:(PDF)
2062:(PDF)
2019:S2CID
1914:OWASP
1888:dump.
1746:union
1722:blog.
1663:vote.
1650:Osaka
1646:China
1642:Japan
1622:site
1480:views
1361:UUIDs
1348:table
1285:query
1282:->
1264:->
1246:->
1179:MySQL
1085:INSTR
1031:books
1025:https
1019:MySQL
987:WHERE
948:WHERE
885:books
876:https
826:books
817:https
806:table
783:WHERE
713:WHERE
695:users
692:TABLE
674:WHERE
671:users
649:'
640:WHERE
622:users
619:TABLE
569:WHERE
566:users
526:WHERE
523:users
429:where
384:where
354:'
330:'
324:'
315:where
276:'
270:susan
249:'
243:susan
237:'
228:where
206:susan
200:susan
166:susan
139:where
81:NoSQL
73:spoof
33:is a
3367:Time
3357:Fork
3135:2014
3105:2017
3079:2013
3014:2016
2940:2014
2886:2017
2855:2012
2822:2011
2797:2011
2767:2011
2741:2011
2715:2011
2671:2010
2644:2023
2618:2011
2574:2009
2548:2008
2517:2016
2487:2008
2461:2009
2413:2012
2387:2021
2347:2015
2317:2012
2290:link
2276:2012
2249:2008
2223:2016
2198:2018
2162:2013
2136:2011
2077:2013
2044:2023
2011:ISSN
1973:2013
1936:w3af
1847:xkcd
1709:Sony
1644:and
1492:deny
1465:deny
1438:deny
1411:deny
1384:deny
1319:and
981:FROM
942:FROM
872:and
777:FROM
707:FROM
689:DROP
677:name
668:FROM
634:FROM
616:DROP
572:name
563:FROM
529:name
520:FROM
432:name
423:from
387:name
378:from
318:name
309:from
231:name
222:from
142:name
133:from
77:data
3792:SQL
3372:Zip
2003:doi
1828:CTO
1824:Gab
1775:on
1716:PBS
1632:MD5
1564:of
1501:sys
1474:sys
1447:sys
1420:sys
1393:sys
1276:));
1192:new
1171:PHP
1142:BBC
1064:AND
1043:com
1028:://
999:AND
897:com
838:com
761:URL
734:'s
732:PHP
613:a';
608:API
600:all
467:var
360:age
357:and
255:age
252:and
175:age
172:and
154:age
151:and
43:SQL
3783::
3121:.
3069:.
3050:.
3031:.
2987:,
2963:,
2930:.
2926:.
2907:.
2903:.
2876:.
2872:.
2845:.
2839:.
2783:,
2538:.
2534:.
2503:.
2429:.
2377:.
2333:.
2286:}}
2282:{{
2181:,
2104:.
2098:.
2079:.
2017:.
2009:.
1999:15
1997:.
1985:^
1975:.
1963:.
1767:,
1763:,
1759:,
1755:,
1740:,
1630:,
1510:to
1498:on
1483:to
1471:on
1456:to
1444:on
1429:to
1417:on
1402:to
1390:on
1294:);
1258:),
1222:);
1055:id
990:ID
960:OR
951:ID
909:id
882://
850:id
823://
802:ID
786:ID
581:OR
538:OR
441:or
396:or
348:--
333:or
297:.
294:--
279:or
264:.
3210:e
3203:t
3196:v
3137:.
3107:.
3081:.
3054:.
3035:.
3016:.
2942:.
2888:.
2857:.
2824:.
2769:.
2743:.
2717:.
2673:.
2646:.
2620:.
2576:.
2550:.
2519:.
2489:.
2463:.
2415:.
2389:.
2349:.
2319:.
2292:)
2278:.
2251:.
2225:.
2164:.
2138:.
2106:8
2046:.
2025:.
2005::
1878:.
1867:.
1791:.
1783:.
1611:.
1516:;
1504:.
1489:;
1477:.
1462:;
1450:.
1435:;
1423:.
1408:;
1396:.
1288:(
1270:(
1252:(
1240:,
1234:(
1228:=
1216:,
1210:,
1204:,
1198:(
1189:=
1167:\
1163:'
1115:4
1112:=
1109:)
1106:1
1103:-
1100:)
1094:,
1088:(
1082:,
1079:1
1076:,
1070:(
1061:5
1058:=
1052:?
1046:/
1040:.
1034:.
1011:;
1005:=
993:=
978:*
972:;
966:=
954:=
939:*
927:2
921:1
915:5
912:=
906:?
900:/
894:.
888:.
879::
868:1
862:1
856:5
853:=
847:?
841:/
835:.
829:.
820::
795:;
789:=
774:*
725:;
719:=
704:*
698:;
686:;
680:=
665:*
652:t
646:=
631:*
625:;
587:=
575:=
560:*
550:;
544:=
532:=
517:*
491:;
485:+
479:+
473:=
453:;
450:1
447:=
444:1
435:=
420:*
408:;
405:1
402:=
399:1
390:=
375:*
366:2
363:=
345:;
342:1
339:=
336:1
321:=
306:*
291:;
288:1
285:=
282:1
261:2
258:=
234:=
219:*
187:2
181:2
178:=
160:2
157:=
145:=
130:*
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.