Hacker Lexicon: SQL Injections, an Everyday Hacker's Favorite Attack
The security community is divided about the recent arrest of a security researcher who hacked into the website for the elections division of a county in Florida. It’s unanimous, however, that the SQL injection method he used to expose the credentials is one of the most basic and oldest tricks hackers use to get into websites and the contents of backend databases connected to those sites. (The security community pronounces SQL as either "ess-que-el" or "sequel.")

TL;DR: SQL injection attacks are the most common way that hackers gain access to websites and steal sensitive data, by exploiting vulnerabilities in web applications that interface with back-end databases.

The computer security firm Imperva calls it the "most pernicious vulnerability in human computer history" and says that between 2005 and 2011, SQL attacks accounted for 83 percent of data breaches.

If the site has an SQL vulnerability, however, an attacker can insert a specially crafted string of code in the search box that might instead produce a list of all products in the database or, depending on the contents of the database, the email addresses and credit card numbers of anyone who purchased Samsung TVs.
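The search-box case described above, as an added example that is not part of the original article: a product search built by string concatenation, next to the same search using a bound parameter. The table, rows, function names and input string are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory catalogue with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, category TEXT)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?)",
        [("Samsung 55in TV", "tv"), ("Samsung 65in TV", "tv"),
         ("LG 50in TV", "tv"), ("Acme Toaster", "kitchen")],
    )
    return db


def search_vulnerable(db, term):
    # Flaw: the search term is pasted into the SQL text, so a quote in the
    # input closes the string literal and the remainder is parsed as SQL.
    sql = "SELECT name FROM products WHERE name LIKE '%" + term + "%'"
    return sorted(row[0] for row in db.execute(sql))


def search_safe(db, term):
    # Fix: the SQL text is a constant and the term is bound as a value,
    # so the database never parses it as part of the statement.
    # (% and _ in the term still act as LIKE wildcards; that only widens
    # the match within this one column, it cannot alter the query.)
    sql = "SELECT name FROM products WHERE name LIKE ?"
    return sorted(row[0] for row in db.execute(sql, ("%" + term + "%",)))


# Constructed input: the quote ends the literal, OR 1=1 matches every
# row, and -- comments out the trailing %' left over from the template.
CRAFTED = "' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print("normal search     :", search_vulnerable(db, "Samsung"))
    print("crafted, concat   :", search_vulnerable(db, CRAFTED))
    print("crafted, bound    :", search_safe(db, CRAFTED))
```

With the concatenated query the crafted term returns every product instead of the Samsung rows; with the bound parameter it is treated as a literal search string and matches nothing.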
