SQL Injection
SQL stands for structured query language; it’s a programming language used to communicate with databases. Many of the servers that store critical data for websites and services use SQL to manage the data in their databases. A SQL injection attack specifically targets this kind of server, using malicious code to get the server to divulge information it normally wouldn’t. This is especially problematic if the server stores private customer information from the website, such as credit card numbers, usernames and passwords (credentials), or other personally identifiable information, which are tempting and lucrative targets for an attacker.
Malware/Threat actors
Name | Type | Years | Source |
---|---|---|---|
Operation Cleaver | threat actor | 2012-2013 | Cylance_Operation_Cleaver_Report.pdf, stamp.jsp?tp=&arnumber=7460498&tag=1 |
HURRICANE PANDA | threat actor | 2014 | GlobalThreatIntelReport.pdf, ICIT-Brief-China-Espionage-Dynasty.pdf, Threat%20Group%20Cards.pdf, GlobalThreatIntelReport.pdf |
Wild Neutro | | | |
Hidden Lynx | threat actor | 2009-2013 | hidden_lynx.pdf |
Axiom | threat actor | 2009-2014 | ICIT-Brief-Know-Your-Enemies-2.0.pdf, Group_72.pdf |
XSLCmd | malware | 2009-2012 | XSLCmd_OSX.pdf |
Rocket Kitten | threat actor | 2014-2015 | rocket-kitten-report.pdf |
Preventions
- Use of Prepared Statements (with Parameterized Queries)
- Use of Stored Procedures
- White List Input Validation
- Escaping All User Supplied Input
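
Prepared statements and whitelist validation from the list above, run against the string quoted under Detections. This is an added example, not part of the original page; the `customers` table, its rows and the function names are constructed for illustration.

```python
import re
import sqlite3

PAYLOAD = "1' or '1' = '1"  # string quoted in the page's Detections section


def make_db():
    """In-memory database with constructed sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id TEXT PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("1", "alice"), ("2", "bob"), ("3", "carol")],
    )
    return conn


def lookup_concatenated(conn, customer_id):
    """Weak form: the input is spliced into the SQL text and parsed as SQL."""
    sql = "SELECT name FROM customers WHERE id = '" + customer_id + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_parameterized(conn, customer_id):
    """Prepared-statement form: the input is bound as a value, never parsed."""
    sql = "SELECT name FROM customers WHERE id = ?"
    return sorted(row[0] for row in conn.execute(sql, (customer_id,)))


def lookup_validated(conn, customer_id):
    """Whitelist validation in front of the parameterized query."""
    if not re.fullmatch(r"[0-9]{1,9}", customer_id):
        raise ValueError("customer id must be 1 to 9 ASCII digits")
    return lookup_parameterized(conn, customer_id)


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, PAYLOAD))
    print("parameterized:", lookup_parameterized(db, PAYLOAD))
    try:
        lookup_validated(db, PAYLOAD)
    except ValueError as exc:
        print("validated    : rejected,", exc)
```

The concatenated lookup returns every row because the quote in the input closes the string literal and the rest is evaluated as a condition; the bound parameter is compared as a plain value and matches nothing.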
Detections
- HTTP POST requests may include common SQL injection strings such as:
  1' or '1' = '1