> SQL injection is a type of security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. Usually, it involves the insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system, and in some cases, issue commands to the operating system.
### Affected Components:
> delete-tracker.php
### Description:
> The presence of SQL Injection in the application enables attackers to issue direct queries to the database through specially crafted requests.
## Proof of Concept:
### Manual Exploitation
The payload `'"";SELECT SLEEP(5)#` can be employed to force the database to sleep for 5 seconds:
When using this tracking system, it is essential to update the application code to ensure user input sanitization and proper restrictions for special characters.