SQL Injection

SQL injection (SQLi) is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.

Identify Where SQL Injection can be Performed

There are many places where SQLi can be performed. For example,

• URL parameters
• POST parameters
• HTTP request headers (Cookie, User-Agent, etc.)

Cheat Sheet

To see SQL injection cheat sheet, please refer to this page.