Legit thought we were past this era in 2024, but I keep seeing audit reports flagging this as a critical fail. With modern frameworks handling input sanitization by default, how are teams still getting pwned by this? Is it just laziness or what?
Y'all, not even kidding: basic SQLi is still exploited all the time. I've seen it happen with devs on smaller projects who are just thrown into a codebase without proper training. It's pretty sad that it's still an issue in 2023.
Honestly, it's crazy how many devs still get pwned by SQLi, but I think it's also because many projects are built with frameworks and templates that don't emphasize proper security practices. I've seen some devs use prepared statements, but a lot still write raw queries, which is just asking for trouble.
I've seen some pretty basic SQLi attacks still slipping through in newer projects where the devs aren't experienced with security best practices. It's not just about the SQLi itself; it's about the lack of proper input validation and sanitization that lets these kinds of attacks happen in the first place. I'd say it's still a pretty common problem, especially in smaller dev teams.