Home / Hacking Glossary / Query Injection

Query Injection

A class of vulnerabilities where attacker-controlled input is incorporated into database or directory queries, allowing unauthorized data access or manipulation.

vulnerability
Practice Challenges 1 category
Web Exploitation
View challenges
Active CTF Events 3

SecurityBoat Community CTF Event 2026

Jan 4 - Jan 4, 2026 · 100 players

Bsides Agra CTF 2025

Dec 6 - Dec 7, 2025 · 100 players

Bsides Vizag CTF 2025

Dec 5 - Dec 6, 2025
View all events →
Related Terms 12
Buffer Overflow Command Injection Cross-Site Request Forgery (CSRF) Cross-Site Scripting (XSS) Directory Traversal IDOR (Insecure Direct Object Reference) LDAP Injection LFI (Local File Inclusion) Local Privilege Escalation Open Redirect RCE (Remote Code Execution) RFI (Remote File Inclusion)

Ready to learn Query Injection hands-on?

Put theory into practice with real hacking labs, CTF challenges, and guided courses on Parrot CTFs Events.

Get Started Free