SQL Injection
SQL injection (SQLi) is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
Identify Where SQL Injection can be Performed
There are many places where SQLi can be performed. For example,
- URL parameters
- POST parameters
- HTTP request headers (Cookie, User-Agent, etc.)
Cheat Sheet
To see SQL injection cheat sheet, please refer to this page.