SQL (Structured Query Language) injections attacks can give a hacker access to basically all the functions of the server/network. Some types of SQL injections can occur quickly across large swaths of information, doing great damage.
Article Excerpt:
Read Entire ArticleLast year, tech giant Yahoo! Inc. fell victim to a cyberattack. But unlike other high-profile attacks, the culprit wasn’t an APT or sophisticated threat sourced to a nation state. The weapon of choice was a simple SQL injection. According to reports, the miscreants targeted a vulnerability in a Yahoo! Web application some was thought to be associated with the company’s VoIP phone service, Yahoo! Voices.
SQL injection attacks remain some of the most widely used cyberweapons for one main reason: They work.
A Structured Query Language (SQL) injection exploits Web application security vulnerabilities at the database layer, allowing attackers to inject their own SQL commands to create, access, manipulate and delete sensitive data.