+ 4
Is an SQL Injection an XSS attack?
By reading their definitions, they sound the same. Could someone clear this up?
1 Answer
+ 14
Yes, an SQL injection is a type of XSS attack, which involves exploiting user input fields. In the case of an SQL attack, an attacker sends SQL code through a user input field. Once the input is sent to the database, it will create, erase, or modify existing records. Any user who accesses modified records is affected by any malicious scripts they may have.
Another means of attack can be through inputting <script> tags. The input with the <script> tag is sent to the sites databases, and affects users who access the record with the entry. This doesn't involve any SQL.
btw, I saw this video in class the other day about XSS attacks. See it if you want to learn more ('cause I'm no expert lol): https://youtu.be/cbmBDiR6WaY