Deepshikha Paty
DI-ASM
What is an Injection Attack?
Injection attacks happen when a hacker sends malicious data (like code or commands) into an app, and the app blindly trusts and runs it.
This usually happens when user input is not checked or cleaned properly.
Common types:
- SQL injection
- Command line injection
Example: Injection (SQL Injection): Login Bypass
A college website allows students to log in with their student ID and password.
The login form does not sanitize inputs. An attacker enters:
' OR '1'='1
into the username and bypasses authentication.
This is an example of Injection because the attacker injects malicious SQL into the login field to manipulate the query and gain unauthorized access.
🎯 Why is it risky?
- Hackers steal or delete your data
- Take over accounts
- Crash your system
- Even run their own code on your server (very dangerous!)
✅ How to Prevent?
- Always check and clean user input
- Use frameworks like Laravel, which have built-in protections
- Use parameterized queries (not raw SQL built from user input)
- Add rules to your Web Application Firewall (WAF)