SQL Injection Definition
SQL injection is a code injection method used to attack data-driven applications, in which malicious SQL statements are inserted into an input field for execution (for example, to dump the contents of a database to an attacker).
How SQL Injection Affects Android OS
The SQLite databases used in Android applications are fully functional databases, so, like SQL Server or MySQL, they can be susceptible to SQL injection. SQL injection usually works by adding data to the query string or to a form field, giving hackers access to the database or unauthorized entries. SQL injection is typically used to attack web representations or a web service, but it can also be used to attack "Actions".
The root cause of SQL injection is the use of dynamic or concatenated SQL queries. If SQL queries are created by combining user input into the query text, the user can then supply SQL attack vectors instead of valid inputs and manipulate the SQL query sent to the backend.
The injection process works by terminating the text line prematurely and adding a new command. Since the inserted command may have additional lines added to it before its execution, the entered line ends with a “-” comment sign. Subsequent text is ignored at runtime.
My question
Although I understand what SQL injection is and how it can take place, I do not know what factors make Android code vulnerable to such an attack.
user4920338
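An added example, not from the question or from any Android project, that shows the factor the question asks about: whether user input becomes part of the SQL text (the pattern a rawQuery call with a concatenated string produces) or is passed as a bound parameter (what Android's selectionArgs do). It uses Python's sqlite3 module because it drives the same SQLite engine Android ships; the table, rows and crafted input are constructed here, and the function names are assumptions.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for an app's local SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO notes (owner, body) VALUES (?, ?)",
        [("alice", "alice's note"), ("bob", "bob's note"), ("carol", "carol's note")],
    )
    return conn


def notes_for_owner_concat(conn: sqlite3.Connection, owner: str) -> list:
    """Vulnerable pattern (hypothetical name): the Python equivalent of
    db.rawQuery("SELECT body FROM notes WHERE owner = '" + owner + "'", null).
    The input is spliced into the statement, so a quote inside it closes the
    string literal and whatever follows is parsed as SQL."""
    sql = "SELECT body FROM notes WHERE owner = '" + owner + "'"
    return [row[0] for row in conn.execute(sql)]


def notes_for_owner_bound(conn: sqlite3.Connection, owner: str) -> list:
    """Safe pattern (hypothetical name): the equivalent of
    db.rawQuery("SELECT body FROM notes WHERE owner = ?", new String[]{owner}).
    The value is bound after parsing and is only ever compared as data."""
    sql = "SELECT body FROM notes WHERE owner = ?"
    return [row[0] for row in conn.execute(sql, (owner,))]


# Constructed input of the shape the text describes: a quote ends the literal
# early, OR '1'='1' widens the filter, and the trailing comment swallows the
# closing quote the template would otherwise leave dangling.
PAYLOAD = "x' OR '1'='1' --"


def compare(owner: str) -> tuple:
    """Run the same input through both patterns; returns (concat_rows, bound_rows)."""
    return notes_for_owner_concat(make_db(), owner), notes_for_owner_bound(make_db(), owner)


if __name__ == "__main__":
    for value in ("alice", PAYLOAD):
        concat_rows, bound_rows = compare(value)
        print(f"{value!r}: concatenated -> {concat_rows}, bound -> {bound_rows}")
```

For a normal owner both functions agree; for the crafted input the concatenated query returns every row while the bound query returns none, because the parameter never reached the SQL parser. The same contrast holds for execSQL with bindArgs and for the query()/selection/selectionArgs family.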