# SQL Injection

**MITRE ATT&CK layer:** Initial Access

SQL Injection is what happens when an application blindly trusts user input and feeds it into a database query. Instead of data, the attacker sends instructions, and the database obediently executes them. It is a trust failure between application logic and the database layer.

Modern SQLi rarely looks like `' OR 1=1 --`. Today it is subtle and often buried inside JSON APIs, GraphQL resolvers, or legacy admin panels.

## How is SQL Injection abused

Attackers inject SQL through inputs that developers assume are harmless, such as filters, sorting fields, API parameters or internal admin tools. Modern SQLi is usually blind or out-of-band, relying on timing delays, boolean responses or DNS callbacks rather than error messages. Second-order SQLi stores the payload safely first, then executes it later in a different code path.

## Why SQL Injection matters

SQLi gives attackers direct control over data: they can read, modify or delete it at will. It bypasses authentication, breaks business logic and enables full database exfiltration. Breaches are often discovered months or years later, when the damage is irreversible.

## Real-world example

### MOVEit Transfer breach

Attackers exploited a SQL injection flaw in the MOVEit Transfer web application. The payload allowed unauthenticated SQL execution, letting attackers enumerate databases, steal file metadata, and directly extract sensitive files stored for transfer, which exposed the data of about 100 million individuals. It was not a single-company breach but a cascading supply-chain failure for 2,500+ organizations.
[Source](https://gbhackers.com/moveit-transfer-systems-hit-by-wave-of-attacks/)
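The "harmless" filter and sort-field inputs described under "How is SQL Injection abused" are the usual way this trust failure enters a query. The following is an added example, not code from the glossary or any product it mentions: a Python/SQLite search endpoint shown in its vulnerable form (string concatenation) beside its hardened form (bound parameter for the value, allowlist for the sort column, which cannot be bound). All table names, columns and rows are constructed for the demonstration.

```python
import sqlite3

# Constructed sample rows for the demonstration (not real users).
SAMPLE_USERS = [
    (1, "alice", "alice@example.test", 1),
    (2, "bob", "bob@example.test", 0),
    (3, "carol", "carol@example.test", 0),
]

# Only the columns the application actually lets clients sort by.
# ORDER BY targets cannot be bound as parameters, so an allowlist is the control.
ALLOWED_SORT_COLUMNS = {"id", "username", "email"}


def make_db():
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER, username TEXT, email TEXT, is_admin INTEGER)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def search_vulnerable(conn, username, sort_by):
    """Typical flawed filter endpoint: both the search term and the
    'harmless' sort field are concatenated straight into the SQL text,
    so the database cannot tell data from instructions."""
    query = (
        "SELECT id, username FROM users WHERE username = '" + username + "'"
        " ORDER BY " + sort_by
    )
    return conn.execute(query).fetchall()


def search_safe(conn, username, sort_by):
    """Hardened form: the search term travels as a bound parameter and is
    never parsed as SQL; the sort column is rejected unless allowlisted."""
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unexpected sort column: %r" % sort_by)
    query = "SELECT id, username FROM users WHERE username = ? ORDER BY " + sort_by
    return conn.execute(query, (username,)).fetchall()
```

With the tautology the page quotes, the vulnerable version returns every row while the hardened version treats the same string as a literal username and returns nothing.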