SQL Injection Attack
טקסט Storyboard
- A professional networking and career development website wants to implement a feature allowing its users to upload their CV to their account online. Considering this a small task, the software team decides to let a newly hired UI software developer implement this feature.
- The UI software developer quickly implements a feature that allows user to upload a word, PDF or plain text file to their account.
- A hacker familiar with the websites architecture realizes that the new CV upload option will take any text file input and run it. With this knowledge, the hacker begins building a malicious script to gain access to the websites database.
- Using a malicious script disguised as a CV, the hacker creates a back-door to the websites database, eventually intending to hold the server as hostage for a money exchange.
- Once the database is held hostage, the company has no choice but to give the hacker the money they request. The security searches far and wide for the system vulnerability that let the hacker in and eventually they conclude that the CV upload feature as the source of the attack.
- Shortly after the discovery of the source of the attack, the UI software developer is fired from the company.
נוצרו מעל 30 מיליון לוחות סיפור