Attack: Sqlmap - Sqlmap Is An Open Source Penetration Testing Tool That Automates The

The document explains SQL injection attacks, how they work by injecting malicious strings into input fields to bypass login authentication, and the two main types, GET-based and POST-based. It also lists the programming languages and tools used, such as HTML, CSS, JavaScript, PHP, SQL, the XAMPP server, Google Chrome, SQLMap and the command prompt, to perform the attacks, and the tools used to detect and prevent them, Powerfuzzer and W3af.

Sir, I will be explaining SQL injection to you.

SQL injection is a code-based attack in which the attacker tries to gain access to a database by injecting a malicious string into an input field. The web app builds its database query from that input, so the injected string becomes part of the query. The logic used is OR logic: the statement ' or 1=1-- makes the WHERE condition always true and comments out the rest of the query, so the login returns a success irrespective of whether the credentials match. This way the attacker gains access to the database and can then read all the confidential records, such as transaction ids and balances, on the bank server database.
There are two types of SQL injection attacks, GET-based and POST-based. GET-based attacks modify the data via the URL, and POST-based attacks modify the data submitted from an input box. We can prevent such attacks by using bind parameters, which treat the statement ' or 1=1-- as a simple string value and not as query logic. Thus the query match results in failure.
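To show the bypass and the bind-parameter fix side by side, here is an added example that is not part of the original document. It uses Python with an in-memory SQLite database standing in for the page's PHP/MySQL bank login; the table, the user record and the payload string are constructed for the demonstration.

```python
import sqlite3

# Constructed stand-in for the bank login database described above.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return conn

def login_vulnerable(conn, username, password):
    # The query is assembled by string concatenation, so the input is
    # parsed as SQL.  With username = ' or 1=1-- the WHERE clause becomes
    # "username = '' or 1=1" and the "--" comments out the password check,
    # so a row is returned even though no credentials matched.
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return conn.execute(query).fetchone() is not None

def login_safe(conn, username, password):
    # Bind parameters: the driver passes the input as a value, so the
    # string ' or 1=1-- is compared against the stored username and never
    # becomes part of the query logic.  The match fails as it should.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None

# The injection string from the text (constructed sample input).
PAYLOAD = "' or 1=1--"

def demo():
    conn = make_db()
    return {
        "vulnerable_with_payload": login_vulnerable(conn, PAYLOAD, "anything"),
        "safe_with_payload": login_safe(conn, PAYLOAD, "anything"),
        "safe_with_real_credentials": login_safe(conn, "alice", "s3cret"),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'login succeeded' if ok else 'login failed'}")
```

The same concatenation flaw applies whether the input arrives through a GET parameter in the URL or a POST body from an input box; the fix is the parameterised query, not the transport.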
Programming languages used to create the website and the related database:
➔ HTML
➔ CSS
➔ JavaScript
➔ PHP
➔ SQL
To host the website locally, the XAMPP server has been used. The web browser used to perform these attacks is Google Chrome. The attacks are carried out using SQLMap on the command prompt, together with basic SQL queries.
Attack: SQLMap - SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.

Detection and protection: Powerfuzzer is a highly automated and fully customizable web fuzzer capable of identifying many types of injection, such as SQL, LDAP, code, command and XPath injection. W3af is an open source web application attack and audit framework; it is powerful and can detect most of the vulnerabilities in a website.
