One of the most serious vulnerabilities caused by weak input validation controls is SQL injection, which is included in the OWASP Top 10 due to its impact and periodic appearance in web applications.
SQL injection vulnerabilities allow malicious users to execute SQL statements that are not expected by the application. In some cases, these SQL injections can modify the application's flow, exposing all the information stored by the data store, usually a database server, or even compromise the whole server, becoming an attack vector for much more.
We will cover the following topics in this chapter:
- Salesforce SQL injection
- Drupal SQL injection