SQL Injection: MIS 2502 Extra Credit

SQL injection involves unauthorized access to a company’s database. The hacker inserts SQL queries into the database and is able to view, edit, delete, or create databases, tables, or information, causing much harm. A hacker with malicious intent and a basic knowledge of SQL queries could view private information, delete important records, create fake information, or edit records to cause confusion.

This topic relates to what we learned in MIS 2502 because the curriculum involved practicing SQL. We demonstrated basic queries and the purpose of each query in retrieving information from or inputting information into a database. We learned that queries that get information out of the database for viewing can be categorized by ID number or name, or can be ordered or grouped in any way the user desires. The class homework and exercises also taught us how to put information into the database and how to delete it, such as creating tables, rows, and columns and putting information into the columns. Deleting individual records, rows, columns, or entire tables was also discussed. All of these techniques and queries we learned in MIS 2502 can be used in destructive ways by a hacker in SQL injection.

In 2013, a hacker group called TeamBerserk used SQL injection to discover usernames, emails and passwords for customers of Sebastian, which is a phone, TV, and internet provider in California. With the email and password information, they were able to log onto people’s personal email accounts or online bank accounts, since many customers used the same email and email password for their Sebastian user account as they did for their email account or online bank. TeamBerserk used simple SQL queries to obtain the information they needed, but did not edit or delete information. With this, they were able to hack into personal accounts to financially exploit their victims.
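
As an added example (not part of the original post), the Python sketch below shows how a lookup built by pasting user input into the SQL text can return records it was never meant to return, next to the parameterized form that prevents it. The table, rows, and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows for illustration; not data from the case study.
ROWS = [("alice", "alice@example.com"), ("bob", "bob@example.com"),
        ("o'brien", "obrien@example.com")]

def make_db():
    """Build an in-memory customers table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (username TEXT, email TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)", ROWS)
    return db

def lookup_concatenated(db, username):
    # Vulnerable: the input is pasted into the SQL text, so a quote in the
    # input changes the structure of the query itself.
    sql = "SELECT username, email FROM customers WHERE username = '" + username + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, username):
    # Fixed: the ? placeholder passes the input as data only, so it can
    # never become part of the SQL statement.
    sql = "SELECT username, email FROM customers WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()

def compare(username):
    """Run both lookups; the first result is None if the query broke."""
    db = make_db()
    try:
        concatenated = lookup_concatenated(db, username)
    except sqlite3.OperationalError:
        concatenated = None  # the quote produced invalid SQL
    return concatenated, lookup_parameterized(db, username)

if __name__ == "__main__":
    # Normal name, a name with an apostrophe, and the textbook tautology.
    for value in ("alice", "o'brien", "nobody' OR '1'='1"):
        concatenated, parameterized = compare(value)
        print(repr(value), "| concatenated:", concatenated,
              "| parameterized:", parameterized)
```

The concatenated version both leaks every row for the tautology input and fails on a legitimate name containing an apostrophe, while the parameterized version handles all three inputs correctly.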

 

Sources:

SQL Injection:
https://www.owasp.org/index.php/SQL_Injection

Case Study:
http://www.scmagazine.com/hacker-group-claims-to-have-looted-100k-via-sql-injection-attack/article/317412/
