sqli

Across
  2. Leaking these can reveal the structure of the database.
  3. This command retrieves data from a database table.
  5. A goal of SQLi attacks on login forms (e.g., using ' OR 1=1 --).
  7. UNION injections must match the number of these in the query.
  8. Often used in UNION attacks to match column counts.
  11. The condition '1'='1' always returns this, letting attackers bypass logic.
  12. The payload SELECT @@____ can be used to leak this.
  15. The broader category of attack involving unexpected input in queries.
Down
  1. Query keyword used to sort results, which can reveal column count.
  4. This operator (--) is used to stop the rest of a query.
  5. A flawed approach that blocks known bad patterns.
  6. A string of malicious SQL code submitted by an attacker.
  9. Queries that use this technique help prevent injections.
  10. Using SeLeCt instead of SELECT is an example of this evasion.
  13. A type of injection where no visible error messages are shown.
  14. The process of cleaning user input to avoid dangerous queries.