Common SQL injection commands and manipulation
SQL injection can be used in many different ways and for many different purposes, because of the wide range of actions that can be performed through SQL. The simplest use is obtaining otherwise inaccessible information by querying the database in ways that the regular flow of the application logic does not envision. Other uses involve bypassing authentication gates within applications, thus effectively escalating privileges, or gaining more control over the affected system when credentials are stored in the database. Other common attacks include blind SQL injection: in most cases, the database console or output is not shown to an attacker, because the operations happen behind the so-called frontend; however, an attacker can still identify and exploit SQL injection by observing the application's behavior. We will now see some examples of notorious attack techniques.
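The authentication-bypass case described above, shown as a vulnerable login query beside its parameterized form. This is an added example, not code from the original text; the table layout, function names and sample rows are constructed for illustration, and SQLite is assumed as the database.

```python
import sqlite3

def make_db():
    # Constructed sample data; a real system would store password hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("admin", "s3cret-admin", "admin"),
        ("alice", "alice-pw", "user"),
        ("o'brien", "obrien-pw", "user"),
    ])
    return db

def login_concat(db, name, password):
    # Vulnerable: input becomes part of the SQL text and is parsed as SQL.
    sql = ("SELECT name, role FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()

def login_param(db, name, password):
    # Hardened: placeholders bind input as data; it never reaches the parser.
    sql = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone()

def attempt(login, db, name, password):
    # Return the matched row, None for a failed login, or "sql-error".
    try:
        return login(db, name, password)
    except sqlite3.Error:
        return "sql-error"

if __name__ == "__main__":
    db = make_db()
    cases = [
        ("alice", "alice-pw"),      # legitimate login
        ("alice", "wrong"),         # wrong password
        ("admin' --", "anything"),  # constructed input that comments out the password check
        ("o'brien", "obrien-pw"),   # legitimate name containing a quote
    ]
    for name, password in cases:
        print(repr(name), attempt(login_concat, db, name, password),
              attempt(login_param, db, name, password))
```

The concatenated query both admits the constructed input and breaks on a legitimate name containing a quote, while the parameterized query treats both strings as plain data.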