Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Jan 1, 2012
http://www.blackwaterops.com/discussi... "SQL Injection" is subset of the an unverified/unsanitized user input vulnerability and the idea is to convince the application to run SQL code that was not intended.
If the application is creating SQL strings naively on the fly and then running them, it's straightforward to do serious damage to data, or manipulate records. You can even remotely change a password or add a super user if you know enough about the software running on the attack surface.