SQL Injection is an attack methodology that targets data residing in a database through the firewall that shields it. It attempts to modify the parameters of a Web-based app in in order to alter the SQL statements that are queried to retrieve data from the database.

This is probably the simplest definition of SQL injection. Th first step in this attack is to discover the applications that are vulnerable to attack, natcherly. This attack takes advantage of poor coding and website administration.

In SQL injection, user controlled data is placed into a SQL query without being validated for correct format or embedded control strings. It has been known to affect mostly applications which use a database backend and do not filter types of variables. It's been estimated that at least 50% of large e-commerce websites and abouit 75% of the medium to small websites are vulnerable to the attack. The main cause is the improper validation of CFML, ASP, JSP, and PHP codes.

How does an attacker uncover the weak web applications?  This discovery phase includes activities such  as looking at web pages resembling an ID number, category, or name. The attacker may sort through all forms of variables as well as cookies. Frequently, session cookies are stored in a database and the cookies are passed into SQL queries with little or no format checks. He may try inserting various strings into form fields and in query variables. However, someone looking for SQL weaknesses will start  off with single and double quotes, then try parenthesis, and the rest of the punctuation characters. The response expected is anything indicating an error.

How do you know if you have been attacked with SQL Injection? If you run an e-commerce website, you usually will sell things online. If you have a SQL Injection weakness, an attacker can gain access to your catalog database that contians the products you sell. An attacker using SQL Injection can change the prices in your catalog!!! For instance, say you sell T-Shirts. You have a t-shirt in your database that sells for $19.99. You may walk in one day to check your sales, and that one T-shirt now sells for $9.99. Bam, you just lost $10.00, AND you have something to worry about.

That's what SQL Injection can do.