SQL injection is a type of attack on your database through poorly-coded forms or post/get parameters. It basically means an attacker can run SQL directly into your database, allowing them to read or write at will.
Cross-site scripting is a technique used to inject code into the client web browser, allowing an attacker to intercept the data the user is sending or receiving....
Cross-site scripting is a technique used to inject code into the client web browser, allowing an attacker to intercept the data the user is sending or receiving....
What is SQL Injection and Cross-Site Scripting
Cross-Site Scripting (XSS or CSS)
- Enables malicious attackers to inject client-side script (JavaScript) or HTML markup into web pages viewed by other users.
SQL Injection
- Insertion of a SQL query via input data from client to application that is later passed to an instance of SQL Server for parsing and execution.
- Very common with PHP and Classic ASP applications.
SQL Injection and Cross-Site Scripting attacks are not relatively new topics. Read more from:
The mentioned vulnerabilities can happen via:
- Query string
- Form input box
No comments:
Post a Comment