Using SQL (a programming language used to maintain most databases) injection, attackers can perform unauthorized database commands on a victim’s SQL database. Structured Query Language (SQL*) Injection is a code injection technique used to modify or retrieve data from SQL databases. By inserting specialized SQL statements into an entry field, an attacker is able to execute commands that allow for the retrieval of data from the database, the destruction of sensitive data, or other manipulative behaviors.
In modern computing, SQL injection typically occurs over the Internet by sending malicious SQL queries to an API endpoint provided by a website or service (more on this later). In its most severe form, SQL injection can allow an attacker to gain root access to a machine, giving them complete control. Learn more in the Cloudflare Learning Center.
Knowledge in Action
The Cloudflare WAF is available on both the Pro and Business plans, upgrade here.
