Comment Re:WTF is this article ACTUALLY about?? (Score 1) 218
SQL injection does not exploit the SQL server at all, it exploits a vulnerability in the webapp that is sending the SQL query.
If there is SQL injection in an INSERT or UPDATE query, the attacker might be able to insert javascript into the database which might then be sent back to the users in the place of real content (e.g. article text). Basically, persistant XSS via SQL injection.
If there is SQL injection in an INSERT or UPDATE query, the attacker might be able to insert javascript into the database which might then be sent back to the users in the place of real content (e.g. article text). Basically, persistant XSS via SQL injection.