{"id":505,"date":"2022-08-06T22:53:54","date_gmt":"2022-08-06T22:53:54","guid":{"rendered":"https:\/\/securitybriefing.net\/?p=505"},"modified":"2022-08-06T22:53:54","modified_gmt":"2022-08-06T22:53:54","slug":"sql-befecskendezes-101-mi-az-sqli-es-hogyan-lehet-megelozni-a-tamadasokat","status":"publish","type":"post","link":"https:\/\/securitybriefing.net\/hu\/biztonsag\/sql-befecskendezes-101-mi-az-sqli-es-hogyan-lehet-megelozni-a-tamadasokat\/","title":{"rendered":"SQL Injection 101: What is SQLi and How to Prevent Attacks"},"content":{"rendered":"<h2 class=\"wp-block-heading\" id=\"what-is-sql-injection\"><strong>What is SQL injection<\/strong><\/h2>\n\n\n<p>SQL injection (SQLi) is a type of attack in which untrusted input becomes part of an SQL statement, so that text supplied by the attacker is executed as part of the query instead of being treated as data. Through a vulnerable web application the attacker can read or change data that the application's own access controls were meant to protect: customer records, personal data, credentials, business secrets and more. This article explains what SQL injection is, how it works and how to prevent it.<\/p>\n\n\n\n<p>SQL injection can affect any application that builds SQL statements from user-controlled input, whatever database engine sits behind it. Depending on the rights of the database account the application uses, an attacker can read consumer information, personal data, business secrets and intellectual property, alter or delete it, and in some configurations read or write files on the database server. 
OWASP ranks injection among the most serious risks to web applications (A03:2021 Injection in the OWASP Top 10).<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"types-of-sql-injection\"><strong>Types of SQL injection<\/strong><\/h2>\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"542\" class=\"wp-image-515\" src=\"http:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/types-of-SQL-Injectin-2.png\" alt=\"Types of SQL injection\" srcset=\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/types-of-SQL-Injectin-2.png 1024w, https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/types-of-SQL-Injectin-2-300x159.png 300w, https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/types-of-SQL-Injectin-2-768x407.png 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n<h3 class=\"wp-block-heading\" id=\"inband-sqli\"><strong>In-band SQLi<\/strong><\/h3>\n\n\n<p>In-band SQL injection is an attack in which the attacker sends the injected query and reads its result over the same channel, normally the HTTP request and its response. Because the result appears directly in the returned page, it is the easiest variant to exploit, often by hand in a web browser.<\/p>\n\n\n\n<p><strong>Example of in-band SQL injection<\/strong><\/p>\n\n\n\n<p>A common in-band scenario is a request that looks up the current user's record by an identifier taken from the request. If that identifier is spliced into the query text, the attacker can change it so that another user's record, or the whole table, is returned instead.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">SELECT * FROM users WHERE user_id LIKE 'current_user'<\/pre>\n\n\n\n<p>The two most common forms of in-band SQL injection are error-based SQLi and union-based SQLi.<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"errorbased-sqli\"><strong>Error-based SQLi<\/strong><\/h4>\n\n\n<p>Error-based SQLi is an in-band technique that uses the database server's error messages to discover the database's structure. It works wherever the application passes raw database errors back to the user, which makes it the most common in-band variant.<\/p>\n\n\n\n<p><strong>Example of error-based SQLi:<\/strong><\/p>\n\n\n\n<p>Suppose an attacker tries to log in with the following credentials:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">username: ' OR 'a'='a\npassword: anything<\/pre>\n\n\n\n<p>A lone quote in the username leaves a string literal unterminated, so the database rejects the statement as syntactically invalid; the tautology ' OR 'a'='a keeps the statement valid but makes the WHERE clause always true. Whether that alone bypasses the login depends on how the query is assembled (AND binds tighter than OR), so attackers try the payload in each field or comment out the remainder of the statement. 
Either way, an error message that is echoed to the user reveals the database product and version, and often a fragment of the query, which the attacker uses to shape the next payload.<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"unionbased-sqli\"><strong>Union-based SQLi<\/strong><\/h4>\n\n\n<p>Union-based SQLi is an in-band technique that uses the UNION operator, which combines the result sets of two or more SELECT statements, to append rows from another table to the result the page already displays. The injected SELECT must return the same number of columns, with compatible types, as the original query.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"blind-sql-injection\"><strong>Blind SQL injection<\/strong><\/h3>\n\n\n<p>Blind SQL injection is an attack in which the attacker cannot see query output and instead asks the database questions that have a true-or-false answer, observing whether the application's response differs between the two cases.<\/p>\n\n\n\n<p>When the application neither shows query results nor echoes database errors, a conventional in-band attack has nothing to read. Blind SQL injection works the same way as classic SQL injection except in how the data is obtained from the database. 
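<\/p>\n\n\n\n<p>The in-band techniques described above (the stray quote that triggers a database error, the tautology that makes the WHERE clause always true, the UNION that reads another table) and the boolean-based inference that blind SQLi relies on, in one added example that is not part of the original article. It uses Python's sqlite3 module against an in-memory database; the schema, the rows and the deliberately vulnerable vulnerable_login() function are constructed for the example and are not from the article. The blind step assumes the application reveals only whether the login matched.<\/p>

```python
import sqlite3
import string

# Constructed sample data: a login table and a table the attacker should never reach.
SCHEMA = """
CREATE TABLE users (user_id INTEGER, username TEXT, password TEXT);
INSERT INTO users VALUES (1, 'alice', 'S3cret!'), (2, 'bob', 'hunter2');
CREATE TABLE api_keys (owner TEXT, api_key TEXT);
INSERT INTO api_keys VALUES ('alice', 'ak_live_9f3c2a');
"""

def connect():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def vulnerable_login(conn, username, password):
    """Deliberately vulnerable: the input is spliced into the SQL text, so a
    quote in the input ends the literal and the rest is parsed as SQL."""
    sql = ("SELECT user_id, username FROM users "
           f"WHERE username='{username}' AND password='{password}'")
    return conn.execute(sql).fetchall()

# In-band, error-based: a stray quote leaves a literal unterminated. The
# driver's error text is what an error-based attacker reads from the page.
def error_message(conn):
    try:
        vulnerable_login(conn, "alice'", "x")
    except sqlite3.Error as exc:
        return str(exc)
    return None

# In-band, tautology: ' OR 'a'='a in both fields makes the WHERE clause always
# true. AND binds tighter than OR, so with this query shape the payload in the
# username field alone would still fail the password check.
def tautology_bypass(conn):
    return vulnerable_login(conn, "' OR 'a'='a", "' OR 'a'='a")

# In-band, UNION-based: a second SELECT with the same column count appends
# rows from another table; -- comments out the rest of the original query.
def union_dump(conn):
    return vulnerable_login(conn, "x' UNION SELECT owner, api_key FROM api_keys --", "")

# Blind, boolean-based: the application only says whether the login matched,
# so ask one true/false question per character position of the secret.
CHARSET = (string.ascii_letters + string.digits + string.punctuation).replace("'", "")

def blind_extract_password(conn, username="alice", max_len=32):
    recovered, queries = "", 0
    for pos in range(1, max_len + 1):          # substr() is 1-indexed
        for ch in CHARSET:
            queries += 1
            probe = f"{username}' AND substr(password,{pos},1)='{ch}' --"
            if vulnerable_login(conn, probe, ""):
                recovered += ch
                break
        else:
            break                              # nothing matched: end of secret
    return recovered, queries

if __name__ == "__main__":
    db = connect()
    print("error-based leak :", error_message(db))
    print("tautology bypass :", tautology_bypass(db))
    print("UNION dump       :", union_dump(db))
    print("blind extraction :", blind_extract_password(db))
```

<p>The blind loop needs several hundred queries for a seven-character secret, which is the cost the text refers to; a time-based variant would replace the true-or-false check with a timing measurement, and a real target would rate-limit or log that many failed logins.<\/p>\n\n\n\n<p>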
Because no query returns data to the attacker directly, they must pose a sequence of yes-or-no questions and reconstruct the data from the answers.<\/p>\n\n\n\n<p>Blind SQL injection is divided into boolean-based blind SQLi and time-based blind SQLi.<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"booleanbased-blind-sqli\"><strong>Boolean-based blind SQLi<\/strong><\/h4>\n\n\n<p>In boolean-based blind SQL injection the attacker appends a condition to the query and compares the responses: when the condition is true the page renders as usual, when it is false it renders the empty or error branch. No query output is shown; the only signal is the difference between the two responses.<\/p>\n\n\n\n<p>Example of boolean-based blind SQLi:<\/p>\n\n\n\n<p>If an attacker wants to learn which database product is in use, they append a condition to the existing query:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">SELECT * FROM users WHERE user_id LIKE 'current_user' AND database() LIKE '%type%'<\/pre>\n\n\n\n<p>If the appended condition holds, the page shows the user's record; if not, it shows nothing. Should the payload break the quoting of the surrounding statement, a MySQL server instead answers with an error like the one below, which by itself confirms the product in use:<\/p>\n\n\n\n<p>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'and database() like '%type%'' at line<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"timebased-blind-sql-injection\"><strong>Time-based blind SQL injection<\/strong><\/h4>\n\n\n<p>A time-based blind attack sends the server an SQL statement containing a conditional delay, so that the response takes measurably longer only when the injected condition is true.<\/p>\n\n\n\n<p>Time-based blind attacks let attackers extract data by measuring response time. This is an inferential attack: no query output travels back in the response, which is why it is called blind, and the attacker infers each answer from whether the delay occurred.<\/p>\n\n\n\n<p>The response time therefore tells the attacker whether the injected condition was true or false. If the answer is negative, the intruder tries the next candidate. The technique is slow, because every character of the secret has to be tested one candidate at a time, which matters most against large databases.<\/p>\n\n\n\n<p><strong>Example of time-based blind SQLi<\/strong><\/p>\n\n\n\n<p>In this example the attacker tests whether the user with ID 999 exists and whether that user's password begins with 'secret', using MySQL's conditional SLEEP():<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">IF(SUBSTRING((SELECT password FROM users WHERE user_id=999), 1, LENGTH('secret'))='secret', SLEEP(30), 'false')<\/pre>\n\n\n\n<p>If user 999 exists and the password begins with 'secret', the database sleeps for 30 seconds before answering; otherwise it answers immediately. The attacker never sees the 'false' value, only the timing. Note that MySQL's SUBSTRING is 1-indexed (a start position of 0 returns an empty string, so the comparison could never match) and that its length function is LENGTH, not SQL Server's LEN.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"outofband-sqli\"><strong>Out-of-band SQLi<\/strong><\/h3>\n\n\n<p>Out-of-band SQLi delivers query results, or the fact that a condition held, over a channel other than the application's own response: the database server is induced to start a network connection or a file write that is not part of its normal communication with the application. 
Most often this is a DNS lookup or an HTTP request that the database server makes to an attacker-controlled host, carrying the extracted data in the hostname or URL.<\/p>\n\n\n\n<p>The application's response is unaffected: it does not matter whether any data is returned, whether the database reports an error, or how long the query takes. Out-of-band interactions are useful to an attacker because they can be fired at will and, made conditional on an injected expression, can leak data one bit at a time even when no in-band or timing signal exists.<\/p>\n\n\n\n<p>Which protocols are available depends on the database product and on the rights of the account the application connects with; data can leave through several of them, including the filesystem of the database server, as in the following example.<\/p>\n\n\n\n<p><strong>Example of out-of-band SQLi<\/strong><\/p>\n\n\n\n<p>In this MySQL example the attacker reads nothing from the application's response at all. The injected UNION writes attacker-controlled content to a file on the database server, which the attacker then fetches through the web server:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">SELECT user_id FROM users WHERE username='$username' AND password='$password' LIMIT 0,0 UNION SELECT '$payload' INTO OUTFILE '\/var\/opt\/databases\/$filename.php'; --<\/pre>\n\n\n\n<p>Nothing in the application's response changes; the file is written whether or not the login succeeds, provided the database account holds the FILE privilege and MySQL's secure_file_priv setting permits the target directory. The injected SELECT must also produce the same number of columns as the original query (one here), and the database and web server must share a filesystem that the database process can write to. If the file contains PHP code and its path is served by the web server, the attacker then requests it to run system commands on the host.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"how-to-prevent-an-sql-injection\"><strong>How to prevent SQL injection<\/strong><\/h2>\n\n\n<p>The best protection against SQL injection is to keep code and data apart: use prepared statements with parameterized queries everywhere the application talks to the database, and validate input against an allowlist of what each field may contain. Code should never splice user input into SQL text. All input must be treated as untrusted, not only web form fields such as login forms: URL parameters, HTTP headers, cookies and values read back from the database are injection vectors too. Escaping or stripping single quotes is not a substitute for parameterization; it is easy to get wrong and does nothing for numeric contexts or identifiers. Database errors should be hidden on live sites, because a verbose error message tells an attacker which database is in use and how the query is built.<\/p>\n\n\n\n<p>If you find that a site is being exploited, contain it first: take the vulnerable function or the whole site offline, preserve web server and database logs for the investigation, and work with your hosting provider or incident response team to establish whether data was read or altered and what has to be fixed. If credentials may have been exposed, rotate the database account's password and the application's secrets, make sure all of the site's users know about the problem, and have them change their passwords as soon as possible.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"prevention-tips-for-avoiding-sql-injections\"><strong>Prevention tips for avoiding SQL injections<\/strong><\/h2>\n\n\n<p>There are several ways to avoid SQL injection vulnerabilities in the programming language and database setup you use. These techniques apply to virtually every SQL database, and the underlying rule, never build a query from untrusted strings, holds for other query languages too, such as XPath over XML. 
Used together, they make the database considerably harder to abuse.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"1-use-of-properly-constructed-stored-procedures\">1) Use of properly constructed stored procedures<\/h3>\n\n\n<p>Beginners should start by learning to write statements with bind variables. It is easier than assembling dynamic queries and easier to understand. With a parameterized query the developer writes the complete SQL text first and supplies each parameter value separately, so the database receives code and data as distinct things and never parses the data as SQL. Stored procedures give the same protection only when they are written this way; a procedure that assembles dynamic SQL from its arguments is as injectable as inline code.<\/p>\n\n\n\n<p>Prepared statements ensure that a query's intent cannot change, even if someone supplies SQL syntax in a parameter.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"2-allowlist-input-validation\">2) Allowlist input validation<\/h3>\n\n\n<p>SQL queries use bind variables at the positions where data goes. The placeholder syntax depends on the database driver rather than the language: in Python, psycopg2 and mysqlclient use the <strong>%s<\/strong> placeholder while sqlite3 uses <strong>?<\/strong>, and in every case the value is passed as a separate argument to execute(), never formatted into the string with % or an f-string. On top of that, validate each value with a regular expression against an allowlist of the characters permitted in that particular bind variable.<\/p>\n\n\n\n<p>In most regex engines, JavaScript's included, <strong>\\w<\/strong> matches alphanumeric and underscore characters.<\/p>\n\n\n\n<p>The allowlist should be as specific as possible, so that input which merely looks plausible is not accepted.<\/p>\n\n\n\n<p>For example, for a US phone number written as the country code 1 followed by ten digits, you would use the following regular expression:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">\/^1\\d{10}$\/<\/pre>\n\n\n\n<p>This matches an 11-digit string of the expected shape. If someone submits something like '<strong>abcdef<\/strong>', it does not match and the input is rejected. Be aware that in some engines \\d also matches non-ASCII digits; use [0-9] where only ASCII digits are meant.<\/p>\n\n\n\n<p>Validation is defence in depth alongside parameterization, not a replacement for it. Values that originate in your own code rather than from a user need no such check, but must still be bound as parameters if they can vary.<\/p>\n\n\n\n<p>However, when a user-supplied value selects a table or column name, it cannot be bound as a parameter at all. Map the value onto a fixed set of known table and column names in code and refuse anything else, so that unvalidated user input never reaches the query text.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"3-use-whitelists\">3) Use allowlists<\/h3>\n\n\n<p>Do not filter user input against blocklists of bad characters. 
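<\/p>\n\n\n\n<p>Tips 1 to 3 in one added example that is not from the original article, in Python with sqlite3: a parameterized login query, an allowlist check for the 11-digit phone form above, and a fixed mapping for a user-chosen sort column. The schema, the rows and the function names are constructed for the example; the ? placeholder is sqlite3's, where psycopg2 or mysqlclient would take %s.<\/p>

```python
import re
import sqlite3

# Constructed sample data for the example.
SCHEMA = """
CREATE TABLE users (user_id INTEGER, username TEXT, password TEXT, phone TEXT);
INSERT INTO users VALUES (1, 'alice', 'S3cret!', '16175551234'),
                         (2, 'bob',   'hunter2', '14155550000');
"""

def connect():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

# 1) Parameterized query. The SQL text is fixed; the values travel separately
#    and are never parsed as SQL, so a quote in the input is just a quote.
#    '?' is sqlite3's placeholder; psycopg2 and mysqlclient use '%s'.
def login(conn, username, password):
    sql = "SELECT user_id, username FROM users WHERE username=? AND password=?"
    return conn.execute(sql, (username, password)).fetchall()

# 2) Allowlist validation: country code 1 followed by ten ASCII digits.
#    [0-9] rather than \d, because \d also matches non-ASCII digits.
US_PHONE = re.compile(r"1[0-9]{10}")

def is_valid_us_phone(value):
    return US_PHONE.fullmatch(value) is not None

def find_by_phone(conn, phone):
    if not is_valid_us_phone(phone):
        raise ValueError("phone must be 11 digits starting with 1")
    return conn.execute("SELECT username FROM users WHERE phone=?", (phone,)).fetchall()

# 3) Identifiers cannot be bound. Map the user's choice onto a fixed set of
#    real column names and refuse everything else.
SORT_COLUMNS = {"name": "username", "id": "user_id"}

def resolve_sort_column(sort_key):
    return SORT_COLUMNS.get(sort_key)   # None for anything not allowlisted

def list_users(conn, sort_key):
    column = resolve_sort_column(sort_key)
    if column is None:
        raise ValueError(f"unknown sort key {sort_key!r}")
    # Safe only because `column` came from SORT_COLUMNS, not from the request.
    return [row[0] for row in conn.execute(f"SELECT username FROM users ORDER BY {column}")]

if __name__ == "__main__":
    db = connect()
    print("valid login   :", login(db, "alice", "S3cret!"))
    print("tautology     :", login(db, "' OR 'a'='a", "' OR 'a'='a"))
    print("phone lookup  :", find_by_phone(db, "16175551234"))
    print("phone payload :", is_valid_us_phone("1' OR '1'='1"))
    print("sort by name  :", list_users(db, "name"))
    print("sort payload  :", resolve_sort_column("username; DROP TABLE users"))
```

<p>A tautology such as ' OR 'a'='a now simply fails to match, because the driver sends it as a value rather than as SQL. The ORDER BY line is the one place an f-string touches the query, and it is safe only because the interpolated name came out of SORT_COLUMNS, never out of the request.<\/p>\n\n\n\n<p>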
Allowlists of the good characters expected in a given field are far more effective: anything outside the list is rejected before it can reach a query, which stops the injection before it starts.<\/p>\n\n\n\n<p>For example, allow only digits and hyphens in an input field that expects a phone number. If you expect an e-mail address, allow only the characters that are valid in one.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"4-use-the-most-uptodate-platforms\">4) Use the most up-to-date platforms<\/h3>\n\n\n<p>Older PHP database APIs offered no protection against SQLi: the legacy mysql_* functions, removed in PHP 7, had no prepared statements at all. Use the latest available release of your programming environment, language and related technologies. In PHP that means PDO (or MySQLi) with prepared statements instead of the legacy extension.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"5-scan-your-web-application-regularly\">5) Scan your web application regularly<\/h3>\n\n\n<p>SQL injection flaws are easy to miss in code review. Scan the web application for vulnerabilities regularly, and again after every change to code that touches the database.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"6-enforcing-least-privilege\">6) Enforcing least privilege<\/h3>\n\n\n<p>The principle of least privilege is a security concept that restricts users to the minimum access they need to do their job. This includes limiting the number of accounts a user holds and the rights of each.<\/p>\n\n\n\n<p>The same principle applies to the database account an application connects with: grant it only the statements and tables its features require (for example SELECT, INSERT and UPDATE on the application's own tables) and nothing that would help an attacker after a successful injection, such as file access, the ability to create or drop objects, or access to system tables. Keeping rights at that minimum does not stop people from doing their jobs; it stops an injected query from doing more than the application itself could.<\/p>\n\n\n\n<p>Least privilege requires that applications, systems and devices hold only the permissions needed for a given task. Then, if someone exploits a vulnerability and causes damage, the impact is bounded. 
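<\/p>\n\n\n\n<p>Least privilege applied to the database connection, as an added example that is not from the original article. SQLite has no GRANT, so the read-only connection mode stands in for a database account that was given SELECT only; the vulnerable lookup runs through executescript(), which accepts stacked statements the way the multi-statement mode of some drivers does. The schema, the payload and the function names are constructed here.<\/p>

```python
import os
import sqlite3
import tempfile
from pathlib import Path

# Constructed sample data.
SCHEMA = """
CREATE TABLE users (username TEXT, password TEXT, role TEXT);
INSERT INTO users VALUES ('alice', 'S3cret!', 'user');
"""
# Stacked-query payload: closes the string, ends the SELECT, appends an UPDATE
# and comments out whatever the application puts after the value.
STACKED_PAYLOAD = "alice'; UPDATE users SET role='admin' WHERE username='alice'; --"

def make_db():
    """Create the sample database on disk so it can be reopened read-only."""
    fd, path = tempfile.mkstemp(suffix=".sqlite")
    os.close(fd)
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    conn.commit()
    conn.close()
    return path

def open_as(path, mode):
    """mode='rw' models an over-privileged account, mode='ro' the least-privilege
    account a read-only feature should use (the SQLite URI mode stands in for
    the rights a database server would grant the account)."""
    return sqlite3.connect(Path(path).as_uri() + f"?mode={mode}", uri=True)

def vulnerable_profile_lookup(conn, username):
    """Deliberately vulnerable, and executed with executescript(), which, like
    the multi-statement mode of some drivers, runs stacked statements."""
    conn.executescript(f"SELECT role FROM users WHERE username='{username}';")

def role_of(conn, username):
    row = conn.execute("SELECT role FROM users WHERE username=?", (username,)).fetchone()
    return row[0]

def run(mode):
    """Attack a fresh database through a connection opened in `mode`; return
    what happened to the injected UPDATE and alice's role afterwards."""
    path = make_db()
    conn = open_as(path, mode)
    try:
        vulnerable_profile_lookup(conn, STACKED_PAYLOAD)
        outcome = "injected UPDATE executed"
    except sqlite3.OperationalError as exc:
        outcome = f"injected UPDATE rejected: {exc}"
    role = role_of(conn, "alice")
    conn.close()
    os.remove(path)
    return outcome, role

if __name__ == "__main__":
    print("over-privileged:", run("rw"))
    print("least privilege:", run("ro"))
```

<p>The injection succeeds identically in both runs; only the account's rights decide whether the appended UPDATE changes alice's role. With a real database server the same effect comes from granting the application's account only the statements it needs, and the rejected write is worth alerting on, since legitimate code never attempts it.<\/p>\n\n\n\n<p>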
This contrasts with granting users more permissions than they need, which raises the risk of serious damage from an SQL injection attack.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"sql-injection-frequently-asked-questions\"><strong>SQL Injection \u2013 Frequently asked questions<\/strong><\/h2>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\">\n<div id=\"faq-question-1659826159348\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is the most common SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">In-band SQL injection is the most common type of SQL injection attack. It occurs when the attacker can use the same communication channel, usually the HTTP request and response, to deliver the payload and collect the results.<\/p>\n<\/div>\n<div id=\"faq-question-1659826187832\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is the best defense against SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">The best defense against SQL injection is to use parameterized queries. This kind of query uses placeholders for the parameters, and the values are supplied separately at execution time. 
This lets the database distinguish the query code from the data, so a value can never change the meaning of the query.<\/p>\n<\/div>\n<div id=\"faq-question-1659826216670\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">How is SQL injection detected?<\/strong>\n<p class=\"schema-faq-answer\">SQL injection can be detected in several ways. One is a web application firewall (WAF), a piece of hardware or software that sits between the web application and the internet, inspects traffic for malicious patterns and can block many SQL injection attempts. A WAF is a mitigation that a determined attacker may bypass, not a fix for the code; application-side logging of database errors and regular vulnerability scanning are the other detection sources.<\/p>\n<\/div>\n<div id=\"faq-question-1659826245103\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is second-order SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">Second-order SQL injection occurs when the attacker's input is stored by the web application, for example in a profile field, and used unsafely in a query later. It is harder to find and to exploit because the injection does not fire at the point of entry: the attacker needs a way to trigger the later query that reads the stored value.<\/p>\n<\/div>\n<div id=\"faq-question-1659826275267\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is blind SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">Blind SQL injection is an attack in which the attacker cannot directly see the results of the injected query. Instead they must use true-or-false conditions to infer information from the database. This type of attack is slower to carry out, but it can be just as dangerous as any other kind of SQL injection.<\/p>\n<\/div>\n<div id=\"faq-question-1659826301781\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is a stacked query?<\/strong>\n<p class=\"schema-faq-answer\">A stacked query is an SQL injection in which the attacker ends the original statement with a semicolon and appends statements of their own, such as an UPDATE or DROP TABLE. It works only where the database driver executes several statements in one call, but where it does, a query that was meant to read data can be turned into one that modifies it, which makes it very dangerous.<\/p>\n<\/div>\n<div id=\"faq-question-1659826330814\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is error-based SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">Error-based SQL injection is an attack in which the attacker uses the database's own error messages to extract information about the database. It is one of the easiest forms to exploit wherever verbose errors reach the user, and it can be very dangerous when it succeeds.<\/p>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>What is SQL injection SQL injection (SQLi) is a type of attack in which untrusted input becomes part of an SQL statement executed against a vulnerable web application. 
Attackers can gain access to sensitive data such as\u2026 <a class=\"more-link\" href=\"https:\/\/securitybriefing.net\/hu\/biztonsag\/sql-befecskendezes-101-mi-az-sqli-es-hogyan-lehet-megelozni-a-tamadasokat\/\">Continue reading <span class=\"screen-reader-text\">SQL Injection 101: What is SQLi and How to Prevent Attacks<\/span><\/a><\/p>","protected":false},"author":1,"featured_media":644,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[],"class_list":["post-505","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>What is SQLi and How to Prevent Attacks | securitybriefing<\/title>\n<meta name=\"description\" content=\"Learn the basics of SQL injection. what is SQL injection, how does it work, and what ways to protect your site from attacks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/securitybriefing.net\/hu\/biztonsag\/sql-befecskendezes-101-mi-az-sqli-es-hogyan-lehet-megelozni-a-tamadasokat\/\" \/>\n<meta property=\"og:locale\" content=\"hu_HU\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What is SQLi and How to Prevent Attacks | securitybriefing\" \/>\n<meta property=\"og:description\" content=\"Learn the basics of SQL injection. 
what is SQL injection, how does it work, and what ways to protect your site from attacks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/securitybriefing.net\/hu\/biztonsag\/sql-befecskendezes-101-mi-az-sqli-es-hogyan-lehet-megelozni-a-tamadasokat\/\" \/>\n<meta property=\"og:site_name\" content=\"Security Briefing\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-06T22:53:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\" \/>\n\t<meta property=\"og:image:width\" content=\"558\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Author:\" \/>\n\t<meta name=\"twitter:data1\" content=\"security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 min\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\"},\"author\":{\"name\":\"security\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/person\/3028d22c692af329bb87883b4b4a8170\"},\"headline\":\"SQL Injection 101: What is SQLi and How to Prevent 
Attacks\",\"datePublished\":\"2022-08-06T22:53:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\"},\"wordCount\":2130,\"publisher\":{\"@id\":\"https:\/\/securitybriefing.net\/#organization\"},\"image\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\",\"articleSection\":[\"Security\"],\"inLanguage\":\"hu\"},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\",\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\",\"name\":\"What is SQLi and How to Prevent Attacks | securitybriefing\",\"isPartOf\":{\"@id\":\"https:\/\/securitybriefing.net\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\",\"datePublished\":\"2022-08-06T22:53:54+00:00\",\"description\":\"Learn the basics of SQL injection. 
what is SQL injection, how does it work, and what ways to protect your site from attacks.\",\"breadcrumb\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814\"}],\"inLanguage\":\"hu\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"hu\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage\",\"url\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\",\"contentUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\",\"width\":558,\"height\":500,\"caption\":\"sql 
injection\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/securitybriefing.net\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SQL Injection 101: What is SQLi and How to Prevent Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/securitybriefing.net\/#website\",\"url\":\"https:\/\/securitybriefing.net\/\",\"name\":\"Security Briefing\",\"description\":\"Read cybersecurity news, online safety guides, cyber threat updates, and use free security tools from Security Briefing.\",\"publisher\":{\"@id\":\"https:\/\/securitybriefing.net\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/securitybriefing.net\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"hu\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/securitybriefing.net\/#organization\",\"name\":\"Security Briefing\",\"url\":\"https:\/\/securitybriefing.net\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"hu\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2023\/06\/security-briefing-logo-5.png\",\"contentUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2023\/06\/security-briefing-logo-5.png\",\"width\":256,\"height\":70,\"caption\":\"Security 
Briefing\"},\"image\":{\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/person\/3028d22c692af329bb87883b4b4a8170\",\"name\":\"security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"hu\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f882f35c703c897d1ec76c380b39ceed3f7309182d44a3177612bc192f6c9ddb?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f882f35c703c897d1ec76c380b39ceed3f7309182d44a3177612bc192f6c9ddb?s=96&d=mm&r=g\",\"caption\":\"security\"},\"description\":\"admin is a senior staff writer for Government Technology. She previously wrote for PYMNTS and The Bay State Banner, and holds a B.A. in creative writing from Carnegie Mellon. She\u2019s based outside Boston.\",\"sameAs\":[\"http:\/\/securitybriefing.net\"],\"url\":\"https:\/\/securitybriefing.net\/hu\/author\/security\/\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348\",\"position\":1,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348\",\"name\":\"What is the most common SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"In-band SQL injection is the most common type of SQL injection attack. 
It occurs when an attacker can use the same communication channel to deliver the payload and gather results.\",\"inLanguage\":\"hu\"},\"inLanguage\":\"hu\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832\",\"position\":2,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832\",\"name\":\"What is the best defense of SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The best defense against SQL injection is to use parameterized queries. This type of query uses placeholder values for parameters, which are supplied at a later date. This method allows the database to identify between source code and information.\",\"inLanguage\":\"hu\"},\"inLanguage\":\"hu\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670\",\"position\":3,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670\",\"name\":\"How is SQL injection detected?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"SQL injection can be detected in several ways. One method is to use a web application firewall (WAF). A WAF is a piece of hardware or software that sits between a web application and the internet. 
It inspects traffic for malicious activity and can block SQL injection attacks.\",\"inLanguage\":\"hu\"},\"inLanguage\":\"hu\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103\",\"position\":4,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103\",\"name\":\"What is second-order SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Second-order SQL injection occurs when an attacker can inject a payload that is stored by the web application and then later executed. This type of attack is more difficult to achieve because the attacker must have a way to trigger the execution of the stored payload.\",\"inLanguage\":\"hu\"},\"inLanguage\":\"hu\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267\",\"position\":5,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267\",\"name\":\"What is blind SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Blind SQL injection is an attack where the attacker does not directly see the results of their payload. Instead, they must use true or false statements to infer information from the database. 
This type of attack is more challenging to execute but can be just as dangerous as other types of SQL injection.\",\"inLanguage\":\"hu\"},\"inLanguage\":\"hu\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781\",\"position\":6,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781\",\"name\":\"What is a stacked query?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"A stacked query is a type of SQL injection where the attacker uses multiple queries to extract information from the database. This type of attack is more challenging to execute but can be very dangerous if successful.\",\"inLanguage\":\"hu\"},\"inLanguage\":\"hu\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814\",\"position\":7,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814\",\"name\":\"What is an error-based SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Error-based SQL injection is an attack where the attacker uses database errors to infer information from the database. This attack is more challenging to execute but can be very dangerous if successful.\",\"inLanguage\":\"hu\"},\"inLanguage\":\"hu\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->"}