Most applications follow a client-server architecture and use a database to store and retrieve the data they display.
For example, when a web portal (or application) registers a new user, it uses a form to accept user data such as name, date of birth, etc.
This data is then stored in the backend database through SQL queries in the program.
INSERT INTO USERS (`user_name`,`user_password`) VALUES ('andrea123','mypassword')
The values provided in the form by the users in the above example would be andrea123 and mypassword (as username and password).
Similarly, when a user logs into the application, the query would be something like this
SELECT user_name,user_password FROM USERS WHERE user_name='andrea123' AND user_password='mypassword'
If a user enters his password as
mypassword AND 1=(SELECT * FROM USERS)
If the program places that input into the query text without checking it, the SQL statement becomes
SELECT user_name,user_password FROM USERS WHERE user_name='andrea123' AND user_password='mypassword' AND 1=(SELECT * FROM USERS)
The above statement selects and displays the entire content of the table users.
The above can be achieved if the user successfully guesses the table name (which may not be difficult).
Thus an <b>SQL injection</b> is
“subset of the an unverified/unsanitized user input vulnerability (“buffer overflows” are a different subset), and the idea is to convince the application to run SQL code that was not intended” (reference <a href="http://www.unixwiz.net/techtips/sql-injection.html">SQL Injection Attacks by Example</a>)
The above URL helps you better understand various scenarios for the same vulnerability and the different things a user can achieve that were not intended by the application's programmers.
Hope the above helps
Note that the correct term is ‘<b>SQL Injection</b>’ (not ingestion).
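
As an added example (not part of the original post), here is the login query described above built by string concatenation, beside a parameterized version, using Python's sqlite3 module. The function names, the in-memory table and the crafted password value are constructed for illustration.

```python
import sqlite3

def make_db():
    # In-memory table mirroring the page's USERS example (plaintext
    # password kept only to match the page; real systems store a hash).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE USERS (user_name TEXT, user_password TEXT)")
    db.execute("INSERT INTO USERS VALUES (?, ?)", ("andrea123", "mypassword"))
    return db

def login_concatenated(db, name, password):
    # Vulnerable pattern: form values are pasted into the SQL text.
    sql = ("SELECT user_name FROM USERS WHERE user_name='" + name +
           "' AND user_password='" + password + "'")
    try:
        return "ok" if db.execute(sql).fetchone() else "denied"
    except sqlite3.Error:
        # The database tried to parse the form value as SQL.
        return "input parsed as SQL"

def login_parameterized(db, name, password):
    # Hardened pattern: placeholders keep form values as data only.
    sql = "SELECT user_name FROM USERS WHERE user_name=? AND user_password=?"
    return "ok" if db.execute(sql, (name, password)).fetchone() else "denied"

# Constructed input: the page's password value with a quote character
# in front of the extra clause, so it ends the string literal early.
CRAFTED = "mypassword' AND 1=(SELECT * FROM USERS)"

if __name__ == "__main__":
    db = make_db()
    for pw in ("mypassword", "wrong", CRAFTED):
        print(repr(pw), "|", login_concatenated(db, "andrea123", pw),
              "|", login_parameterized(db, "andrea123", pw))
```

With the concatenated query the database attempts to parse the form value as part of the statement; with placeholders the same value is only ever compared as a password string and the login is simply denied.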