{"id":44232,"date":"2021-08-23T09:07:17","date_gmt":"2021-08-23T06:07:17","guid":{"rendered":"https:\/\/www.turhost.com/blog\/?p=44232"},"modified":"2021-11-26T09:37:26","modified_gmt":"2021-11-26T06:37:26","slug":"sql-injection-nedir","status":"publish","type":"post","link":"https:\/\/www.turhost.com/blog\/sql-injection-nedir\/","title":{"rendered":"SQL Injection Nedir?"},"content":{"rendered":"\n<p>SQL veritaban\u0131 sistemi kullanan web sitelerini veya web uygulamalar\u0131n\u0131 etkileyen siber sald\u0131r\u0131 t\u00fcrlerini ara\u015ft\u0131ranlar\u0131n SQL Injection Nedir? sorusunun pe\u015fine d\u00fc\u015fmesi ka\u00e7\u0131n\u0131lmazd\u0131r.<\/p>\n\n\n\n<p>SQL Injection, 1998&#8217;de ke\u015ffedilmesine ra\u011fmen hala etkili olan ve ki\u015filerin, kurulu\u015flar\u0131n hatta \u00fclkelerin kritik verilerini \u00e7almak, de\u011fi\u015ftirmek, rehin almak i\u00e7in s\u0131kl\u0131kla ger\u00e7ekle\u015ftirilen bir siber tehdit t\u00fcr\u00fcd\u00fcr.<\/p>\n\n\n\n<p>SQL enjeksiyonunu anlamak i\u00e7in SQL&#8217;in ne oldu\u011funu hat\u0131rlamak yararl\u0131 olabilir.<\/p>\n\n\n\n<h2 id=\"sql-nedir\" class=\"wp-block-heading\">SQL Nedir?<\/h2>\n\n\n\n<p>SQL (Structured Query Language), Yap\u0131land\u0131r\u0131lm\u0131\u015f Sorgu Dili anlam\u0131na gelir. Bu dil temel olarak ili\u015fkisel veritaban\u0131 ile etkile\u015fim i\u00e7in geli\u015ftirilmi\u015ftir. Gerekli verilere eri\u015fme, veri ekleme, veritaban\u0131n\u0131 de\u011fi\u015ftirme veya sorgu amac\u0131yla kullan\u0131lan SQL; Microsoft SQL Server, Oracle, IBM DB2 ve MySQL gibi ili\u015fkisel veritabanlar\u0131 i\u00e7in komut ve kontrol dilidir. Modern web geli\u015ftirmede ili\u015fkisel veritabanlar\u0131, PHP, .NET, Java EE, Hibernate, SQLite gibi betik dillerinde yaz\u0131lm\u0131\u015f web uygulamalar\u0131n\u0131n ve i\u00e7erik y\u00f6netim sistemlerinin arka ucunda kritik bir kaynakt\u0131r.<\/p>\n\n\n\n<p>Dilerseniz SQL\u2019in avantajlar\u0131, nas\u0131l \u00e7al\u0131\u015ft\u0131\u011f\u0131 ve kullan\u0131m alanlar\u0131ndan bahsetti\u011fimiz <a href=\"https:\/\/www.turhost.com/blog\/sql-nedir-ne-ise-yarar\/\">SQL Nedir? Ne \u0130\u015fe Yarar?<\/a> adl\u0131 yaz\u0131m\u0131za g\u00f6z atabilirsiniz.<\/p>\n\n\n\n<h2 id=\"sqli-nedir\" class=\"wp-block-heading\">SQLi Nedir?<\/h2>\n\n\n\n<p>SQL Injection ya da SQLi denen siber sald\u0131r\u0131 t\u00fcr\u00fc, web sayfas\u0131 ve web uygulamas\u0131 g\u00fcvenlik \u00f6nlemlerini atlamay\u0131 m\u00fcmk\u00fcn k\u0131lan bir korsanl\u0131k tekni\u011fidir. Sald\u0131rgan\u0131 SQL enjeksiyonu kullanmaya \u00e7eken; kritik veri hazinelerinin cazibesidir. Bu sald\u0131r\u0131 tekni\u011fini kullanarak, bilgisayar korsanlar\u0131 bir SQL veritaban\u0131n\u0131n i\u00e7eri\u011fini ele ge\u00e7irebilir, de\u011fi\u015ftirebilir ve silebilir.<\/p>\n\n\n\n<p>Uzun s\u00fcredir OWASP TOP 10&#8217;da yer alan ve en eski g\u00fcvenlik a\u00e7\u0131klar\u0131ndan biri olan SQL enjeksiyonu, istemciden uygulamaya giri\u015f verileri arac\u0131l\u0131\u011f\u0131yla bir SQL sorgusunun eklenmesiyle ger\u00e7ekle\u015ftirilir. SQL komutlar\u0131, \u00f6nceden tan\u0131mlanm\u0131\u015f SQL komutlar\u0131n\u0131n y\u00fcr\u00fct\u00fclmesini etkileyen veri d\u00fczlemi giri\u015fine enjekte edilir.<\/p>\n\n\n\n<p>Bir web uygulamas\u0131 veya web sitesi Oracle, SQL Server veya MySQL gibi SQL veritabanlar\u0131n\u0131 kullan\u0131yorsa, SQL enjeksiyon sald\u0131r\u0131s\u0131na kar\u015f\u0131 savunmas\u0131z kalabilir. SQL Injection, \u015firketleri; t\u00fcm veritaban\u0131ndan yararlan\u0131lmas\u0131 a\u00e7\u0131s\u0131ndan en korunmas\u0131z b\u0131rakan tehditlerden biri olmas\u0131yla \u00fcnl\u00fcd\u00fcr.<\/p>\n\n\n\n<p>Bilgisayar korsan\u0131, veri veya tablolar\u0131 veritaban\u0131ndan silmeye kalkt\u0131\u011f\u0131nda, yedekleri olsa bile, verilerin silinmesi, veritaban\u0131 geri y\u00fcklenene kadar uygulaman\u0131n kullan\u0131labilirli\u011fini etkileyecektir. Ayr\u0131ca, yedeklemeler son girilen verileri i\u00e7ermeyebilir.<\/p>\n\n\n\n<p>Sald\u0131rganlar, veritaban\u0131ndaki verileri de\u011fi\u015ftirerek SQL enjeksiyonunu ciddi tehditler olu\u015fturacak \u015fekilde kullanabilir, \u00f6rne\u011fin bir finansal uygulamada hesap bakiyelerini de\u011fi\u015ftirilebilir. Daha da k\u00f6t\u00fcs\u00fc, sald\u0131rganlar bir uygulaman\u0131n veritaban\u0131nda y\u00f6netici haklar\u0131 elde edebilir.<\/p>\n\n\n\n<p>SQL enjeksiyon sald\u0131r\u0131lar\u0131nda en yayg\u0131n risk, e-posta adresleri ve oturum a\u00e7ma bilgilerinin \u00e7al\u0131nmas\u0131 ve dark web&#8217;de sat\u0131lmas\u0131d\u0131r. Bu nedenle ba\u015far\u0131l\u0131 bir SQL enjeksiyonu sadece kurumlar i\u00e7in de\u011fil, kullan\u0131c\u0131lar ve m\u00fc\u015fteriler i\u00e7in de b\u00fcy\u00fck tehdit olu\u015fturmaktad\u0131r.<\/p>\n\n\n\n<h2 id=\"sql-injection-saldirilari-nasil-gerceklestirilir\" class=\"wp-block-heading\">SQL Injection Sald\u0131r\u0131lar\u0131 Nas\u0131l Ger\u00e7ekle\u015ftirilir?<\/h2>\n\n\n\n<div class=\"wp-block-image is-style-default\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"968\" height=\"609\" src=\"https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-1-2.jpg\" alt=\"SQLi Nedir?, SQL Injection Nedir?\" class=\"wp-image-46732\" srcset=\"https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-1-2.jpg 968w, https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-1-2-650x409.jpg 650w, https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-1-2-768x483.jpg 768w, https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-1-2-380x239.jpg 380w, https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-1-2-800x503.jpg 800w\" sizes=\"auto, (max-width: 968px) 100vw, 968px\" \/><figcaption>Ba\u015far\u0131l\u0131 bir SQL enjeksiyon sald\u0131r\u0131s\u0131, veritaban\u0131n\u0131zdan e-posta, kullan\u0131c\u0131 ad\u0131, parola ve kredi kart\u0131 ayr\u0131nt\u0131lar\u0131 gibi hassas verileri okuyabilir, de\u011fi\u015ftirebilir veya silebilir.<\/figcaption><\/figure><\/div>\n\n\n\n<p>Bir ki\u015finin veya kurulu\u015fun verilerini silme, de\u011fi\u015ftirme, yedekleme, sisteme vir\u00fcs ekleme, operasyonlara zarar verme gibi ama\u00e7larla kullan\u0131lan SQL Injection, uygulaman\u0131n istemci ucundan SQL sorgu giri\u015fi eklenerek veya enjekte edilerek yap\u0131l\u0131r. <\/p>\n\n\n\n<p>SQL enjeksiyonu i\u00e7in sald\u0131rgan\u0131n bir web uygulamas\u0131nda veya web sayfas\u0131nda g\u00fcvenlik a\u00e7\u0131\u011f\u0131 olan bir giri\u015fi bulmas\u0131 gerekir. <\/p>\n\n\n\n<p>SQL enjeksiyonu, veriler g\u00fcvenilmeyen bir kaynaktan bir programa girdi\u011finde ve bu veriler dinamik olarak bir SQL sorgusu olu\u015fturmak i\u00e7in kullan\u0131ld\u0131\u011f\u0131nda ger\u00e7ekle\u015fir. Yan\u0131t, sald\u0131rgan\u0131n veritaban\u0131 mimarisini anlamas\u0131 ve uygulaman\u0131n g\u00fcvenli bilgilerine eri\u015fmesi i\u00e7in gereklidir. Bilgisayar korsan\u0131, \u00f6zel olarak haz\u0131rlanm\u0131\u015f bir SQL komutuyla veritaban\u0131 yap\u0131s\u0131 hakk\u0131nda net fikir sa\u011flayan bir yan\u0131t elde ederek veritaban\u0131ndaki t\u00fcm bilgilere eri\u015febilir.<\/p>\n\n\n\n<p>SQL, kontrol d\u00fczlemi ile veri d\u00fczlemi aras\u0131nda ayr\u0131m yapmad\u0131\u011f\u0131ndan, sald\u0131rgan bir meta karakter yerle\u015ftirebilir (veri olarak yorumlanmayan bir karakter, alt \u00e7izgi _ gibi).<\/p>\n\n\n\n<p>\u00c7ocuklar\u0131n bile ger\u00e7ekle\u015ftirebilece\u011fi kadar basit bir sald\u0131r\u0131 t\u00fcr\u00fc olan SQL enjeksiyonu ile bir sald\u0131rgan ekledi\u011fi bir kodla parola bilgisi gerekmeksizin kimlik do\u011frulamas\u0131n\u0131 atlayabilir.<\/p>\n\n\n\n<p>SQL Injection sald\u0131r\u0131lar\u0131n\u0131n ger\u00e7ekle\u015ftirildi\u011fi farkl\u0131 yollar\u0131 \u015fu \u015fekilde s\u0131ralayabiliriz:<\/p>\n\n\n\n<p><strong>Kullan\u0131c\u0131 giri\u015fine dayal\u0131 SQL enjeksiyonu<\/strong>: Web uygulamalar\u0131, kullan\u0131c\u0131n\u0131n girdilerini; i\u015flenmek \u00fczere veritaban\u0131na ileten formlar arac\u0131l\u0131\u011f\u0131yla kabul eder. Uygulamalar bu girdileri sterilize etmeden kabul ederse, sald\u0131rgan form alanlar\u0131 arac\u0131l\u0131\u011f\u0131yla SQL ifadeleri enjekte edebilir ve veritaban\u0131n\u0131n i\u00e7eri\u011fini silebilir, kopyalayabilir veya de\u011fi\u015ftirebilir.<\/p>\n\n\n\n<p><strong>\u00c7erezlere dayal\u0131 SQL enjeksiyonu<\/strong>: Web uygulamalar\u0131 genellikle tan\u0131mlama bilgileri y\u00fckler ve verilerini veritaban\u0131 i\u015flemlerinin bir par\u00e7as\u0131 olarak kullan\u0131r. Bu t\u00fcr SQL enjeksiyonu, tan\u0131mlama bilgilerini veritaban\u0131 sorgular\u0131n\u0131 &#8220;zehirleyecek&#8221; \u015fekilde de\u011fi\u015ftirir. K\u00f6t\u00fc niyetli bir kullan\u0131c\u0131 veya bir kullan\u0131c\u0131n\u0131n cihaz\u0131na da\u011f\u0131t\u0131lan k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m, arka u\u00e7 veritaban\u0131na beklenmedik bir \u015fekilde SQL enjekte etmek i\u00e7in tan\u0131mlama bilgilerini de\u011fi\u015ftirebilir.<\/p>\n\n\n\n<p><strong>HTTP ba\u015fl\u0131klar\u0131na dayal\u0131 SQL enjeksiyonu<\/strong>: HTTP ba\u015fl\u0131klar\u0131 gibi sunucu de\u011fi\u015fkenleri SQL enjeksiyonu i\u00e7in de kullan\u0131labilir. Bir web uygulamas\u0131 HTTP ba\u015fl\u0131klar\u0131ndan girdileri kabul ederse, rastgele SQL i\u00e7eren sahte ba\u015fl\u0131klar veritaban\u0131na kod enjekte edebilir.<\/p>\n\n\n\n<p><strong>\u0130kinci dereceden SQL enjeksiyonu<\/strong>: En karma\u015f\u0131k SQL enjeksiyon sald\u0131r\u0131lar\u0131d\u0131r \u00e7\u00fcnk\u00fc uzun bir s\u00fcre uykuda kalabilirler. \u0130kinci dereceden SQL enjeksiyon sald\u0131r\u0131s\u0131, bir ba\u011flamda iyi huylu olarak kabul edilebilecek ancak ba\u015fka bir ba\u011flamda k\u00f6t\u00fc ama\u00e7l\u0131 olan zehirli veriler sunar. Geli\u015ftiriciler t\u00fcm uygulama giri\u015flerini sterilize etseler bile bu t\u00fcr sald\u0131r\u0131lara kar\u015f\u0131 savunmas\u0131z kalabilirler.<\/p>\n\n\n\n<h2 id=\"sql-injection-turleri\" class=\"wp-block-heading\">SQL Injection T\u00fcrleri<\/h2>\n\n\n\n<div class=\"wp-block-image is-style-default\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"968\" height=\"475\" src=\"https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-2-2.jpg\" alt=\"SQL Injection Sald\u0131r\u0131lar\u0131 Nas\u0131l Ger\u00e7ekle\u015ftirilir?, SQL Injection T\u00fcrleri\" class=\"wp-image-46736\" srcset=\"https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-2-2.jpg 968w, https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-2-2-650x319.jpg 650w, https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-2-2-768x377.jpg 768w, https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-2-2-380x186.jpg 380w, https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-2-2-800x393.jpg 800w\" sizes=\"auto, (max-width: 968px) 100vw, 968px\" \/><figcaption>SQL enjeksiyonunu \u00f6nlemek i\u00e7in dinamik sorgulara izin vermemeniz ya da k\u00f6t\u00fc niyetli SQL i\u00e7eren, kullan\u0131c\u0131 taraf\u0131ndan sa\u011flanan girdilerin sorgunun mant\u0131\u011f\u0131n\u0131 etkilemesini \u00f6nlemeniz gerekir.<\/figcaption><\/figure><\/div>\n\n\n\n<p>En pop\u00fcler sald\u0131r\u0131 t\u00fcr\u00fc olan <strong>bant i\u00e7i (In-band) <\/strong>SQL enjeksiyonlar\u0131 ayn\u0131 ileti\u015fim kanal\u0131n\u0131 kullan\u0131r ve iki \u015fekilde ger\u00e7ekle\u015fir:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Hata tabanl\u0131 (Error-based):<\/strong> Hata tabanl\u0131 SQL enjeksiyon tekni\u011fi, uygulama veritaban\u0131 sunucular\u0131 taraf\u0131ndan at\u0131lan hata mesajlar\u0131na dayan\u0131r. Sald\u0131rganlar, hangi sorgular\u0131n hata mesajlar\u0131 ald\u0131\u011f\u0131n\u0131 test ederek, veritaban\u0131 yap\u0131s\u0131na dayal\u0131 olarak hedeflenen SQL enjeksiyonlar\u0131 olu\u015fturabilir.<br><br><\/li><li><strong>Union-based:<\/strong> Bir uygulama SQL enjeksiyonuna kar\u015f\u0131 savunmas\u0131z oldu\u011funda ve uygulaman\u0131n yan\u0131tlar\u0131 bir sorgu i\u00e7in sonu\u00e7lar\u0131 d\u00f6nd\u00fcrd\u00fc\u011f\u00fcnde, sald\u0131rganlar uygulama veritaban\u0131n\u0131n tablolar\u0131ndan veri almak i\u00e7in UNION anahtar s\u00f6zc\u00fc\u011f\u00fcn\u00fc kullan\u0131r.<\/li><\/ul>\n\n\n\n<p><strong>Inferential (\u00c7\u0131kar\u0131msal)<\/strong> SQL enjeksiyonu, <strong>Blind<\/strong> SQL enjeksiyon sald\u0131r\u0131s\u0131 olarak da bilinir. Bu sald\u0131r\u0131da, bir veri y\u00fck\u00fc g\u00f6nderdikten sonra, sald\u0131rgan veritaban\u0131n\u0131n veri yap\u0131s\u0131n\u0131 belirlemek i\u00e7in davran\u0131\u015f\u0131 ve yan\u0131tlar\u0131 g\u00f6zlemler. \u0130ki t\u00fcrde g\u00f6r\u00fcl\u00fcr:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Boole tabanl\u0131<\/strong>: Sald\u0131rganlar, uygulamay\u0131 DO\u011eRU veya YANLI\u015e&#8217;\u0131n farkl\u0131 sonu\u00e7lar\u0131n\u0131 d\u00f6nd\u00fcrmeye zorlayan SQL sorgular\u0131 g\u00f6ndererek, belirli y\u00fcklerin me\u015fru sonu\u00e7lar d\u00f6nd\u00fcr\u00fcp d\u00f6nd\u00fcrmedi\u011fini anlayabilir.<br><br><\/li><li><strong>Time-based<\/strong>: Zamana dayal\u0131 olarak adland\u0131rabilece\u011fimiz bu y\u00f6ntem, veritaban\u0131ndan yan\u0131t vermeden \u00f6nce belirli s\u00fcre beklemesini isteyen SQL sorgular\u0131 g\u00f6nderir. Zamana dayal\u0131 SQL enjeksiyon sald\u0131r\u0131s\u0131, genellikle bir uygulama genel hata mesajlar\u0131 verdi\u011finde kullan\u0131l\u0131r. Bu teknik, veritaban\u0131n\u0131 belirli bir s\u00fcre beklemeye zorlar. Yan\u0131t s\u00fcresi, sald\u0131rgan\u0131n sorguyu DO\u011eRU veya YANLI\u015e olarak belirlemesine yard\u0131mc\u0131 olur.<\/li><\/ul>\n\n\n\n<p>Her iki durumda da, sald\u0131rganlar\u0131n verileri karakter karakter numaraland\u0131rmas\u0131 gerekti\u011fi d\u00fc\u015f\u00fcn\u00fcld\u00fc\u011f\u00fcnde, Inferential SQL enjeksiyon sald\u0131r\u0131 y\u00f6ntemleri olduk\u00e7a zorludur.<\/p>\n\n\n\n<p><strong>Out-of-band<\/strong> (Bant D\u0131\u015f\u0131) SQL enjeksiyon sald\u0131r\u0131lar\u0131 en az kullan\u0131lan SQL injection tekni\u011fidir. Bant d\u0131\u015f\u0131 SQL enjeksiyon sald\u0131r\u0131s\u0131, uygulaman\u0131n verileri herhangi bir protokol (HTTP, DNS veya SMB) arac\u0131l\u0131\u011f\u0131yla iletmesini ister.<\/p>\n\n\n\n<h2 id=\"sql-enjeksiyonu-guvenlik-aciklari-nasil-tespit-edilir\" class=\"wp-block-heading\">SQL Enjeksiyonu G\u00fcvenlik A\u00e7\u0131klar\u0131 Nas\u0131l Tespit Edilir?<\/h2>\n\n\n\n<p>SQLi g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131 tespit etmek i\u00e7in uygulaman\u0131za veya web sitenize sald\u0131r\u0131lar ba\u015flatman\u0131z \u00f6nerilir. Bu a\u00e7\u0131klar\u0131 bulmak i\u00e7in manuel test ve otomatik test olmak \u00fczere iki teknik kullan\u0131l\u0131r. Manuel testte, uygulama geli\u015ftirme s\u0131ras\u0131nda, SQL enjeksiyonu g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131n tespit edilmesine yard\u0131mc\u0131 olan bir dizi test s\u00f6z konusudur. <\/p>\n\n\n\n<p>Otomatik test i\u00e7in SQLMap gibi \u00e7e\u015fitli ara\u00e7lar bulunmaktad\u0131r. Genellikle bu ara\u00e7lar, kullan\u0131mda olan veritaban\u0131 t\u00fcr\u00fcn\u00fc belirlemek i\u00e7in sitenizi inceler ve sorgular olu\u015fturur. Ke\u015ffedilen baz\u0131 g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131n kald\u0131r\u0131lmas\u0131na yard\u0131mc\u0131 olabilecek hata d\u00fczeltme \u00f6zelli\u011fi de i\u00e7erirler. <\/p>\n\n\n\n<h2 id=\"sql-injection-nasil-onlenir\" class=\"wp-block-heading\">SQL Injection Nas\u0131l \u00d6nlenir?<\/h2>\n\n\n\n<div class=\"wp-block-image is-style-default\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"968\" height=\"475\" src=\"https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-3-3.jpg\" alt=\"SQL Enjeksiyonu G\u00fcvenlik A\u00e7\u0131klar\u0131 Nas\u0131l Tespit Edilir?\" class=\"wp-image-46741\" srcset=\"https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-3-3.jpg 968w, https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-3-3-650x319.jpg 650w, https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-3-3-768x377.jpg 768w, https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-3-3-380x186.jpg 380w, https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-3-3-800x393.jpg 800w\" sizes=\"auto, (max-width: 968px) 100vw, 968px\" \/><figcaption>Teknik olarak, bir SQL enjeksiyon sald\u0131r\u0131s\u0131n\u0131 \u00f6nlemenin tek yolu, olas\u0131 k\u00f6t\u00fc ama\u00e7l\u0131 kodlar\u0131 filtrelemek i\u00e7in kullan\u0131c\u0131lar taraf\u0131ndan girilen girdilerin izlenmesi ve sterilize edilmesidir.<\/figcaption><\/figure><\/div>\n\n\n\n<p>Bildi\u011finiz \u00fczere s\u00fcr\u00fcmler ve uzant\u0131lar d\u00fczenli y\u00fckseltmeler gerektirir. Eski s\u00fcr\u00fcmler veya kodlar olduk\u00e7a savunmas\u0131zd\u0131r ve uygulaman\u0131z\u0131n b\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc koruyamayabilir. Eski kodu g\u00f6zden ge\u00e7irmek  ve g\u00fcvenlik a\u00e7\u0131klar\u0131ndan ka\u00e7\u0131nmak i\u00e7in yama uygulanm\u0131\u015f ve y\u00fckseltilmi\u015f kod s\u00fcr\u00fcmlerini \u00e7al\u0131\u015ft\u0131rmak tats\u0131z s\u00fcrprizlerden ka\u00e7\u0131nmak i\u00e7in \u00e7ok \u00f6nemlidir. <\/p>\n\n\n\n<p>Bir SQL enjeksiyon sald\u0131r\u0131s\u0131n\u0131 \u00f6nlemenin ilk ad\u0131m\u0131, hangi uygulamalar\u0131n savunmas\u0131z oldu\u011funu belirlemektir. Ger\u00e7ek \u015fu ki bir SQL veritaban\u0131yla etkile\u015fime giren herhangi bir web sitesi risk alt\u0131ndad\u0131r. <\/p>\n\n\n\n<p>SQL enjeksiyonunu \u00f6nlemek i\u00e7in dinamik sorgulara izin vermemeniz ya da k\u00f6t\u00fc niyetli SQL i\u00e7eren, kullan\u0131c\u0131 taraf\u0131ndan sa\u011flanan girdilerin sorgunun mant\u0131\u011f\u0131n\u0131 etkilemesini \u00f6nlemeniz gerekir. <\/p>\n\n\n\n<p>Teknik olarak, bir SQL enjeksiyon sald\u0131r\u0131s\u0131n\u0131 \u00f6nlemenin tek yolu, olas\u0131 k\u00f6t\u00fc ama\u00e7l\u0131 kodlar\u0131 filtrelemek i\u00e7in kullan\u0131c\u0131lar taraf\u0131ndan girilen girdilerin izlenmesi ve sterilize edilmesidir. Bu tam olarak bir web uygulamas\u0131 g\u00fcvenlik duvar\u0131n\u0131n (WAF) yapt\u0131\u011f\u0131 \u015feydir. Kullan\u0131c\u0131lar\u0131n web uygulamas\u0131na girdi\u011fi t\u00fcm girdileri analiz ederek \u015f\u00fcpheli kodlarla e\u015fle\u015fmeleri bulur. Potansiyel olarak tehlikeli web isteklerini filtrelemek s\u00f6z konusu oldu\u011funda, yaz\u0131l\u0131m veya cihaz tabanl\u0131 bir <strong>WAF <\/strong>kullan\u0131\u015fl\u0131d\u0131r. WAF&#8217;lar\u0131n SQL enjeksiyonu savunmas\u0131, veritaban\u0131na s\u0131zma giri\u015fimlerinin \u00e7o\u011funu ezebilir.<\/p>\n\n\n\n<p>Ek olarak SQL enjeksiyonu sald\u0131r\u0131lar\u0131n\u0131 \u00f6nlemeye y\u00f6nelik en bilinen \u00f6nerileri \u015fu \u015fekilde s\u0131ralayabiliriz:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Parametreli Sorgular: <\/strong>Parametreli sorgu, parametrelerin yer tutucu olarak kullan\u0131ld\u0131\u011f\u0131 ve y\u00fcr\u00fctme zaman\u0131nda sa\u011fland\u0131\u011f\u0131 bir sorgudur. Bu sorgu t\u00fcr\u00fcnde, parametrelerin veri t\u00fcrleri \u00f6nceden tan\u0131mlan\u0131r ve baz\u0131 durumlarda varsay\u0131lan de\u011ferler de ayarlan\u0131r. Bunu yapmak, SQL enjeksiyon sorgular\u0131n\u0131n ba\u015far\u0131s\u0131z olmas\u0131na neden olur.<br><br><\/li><li><strong>Sakl\u0131 Prosed\u00fcrler<\/strong> (Stored Procedures): Sakl\u0131 prosed\u00fcrler, uygulamadan \u00e7a\u011fr\u0131lan veritaban\u0131nda tan\u0131mlanan ve saklanan SQL ifadeleridir. Sakl\u0131 prosed\u00fcrler, herhangi bir dinamik SQL \u00fcretimi i\u00e7ermeyen parametrelerle \u00f6nceden olu\u015fturulmu\u015f SQL ifadeleridir. Sakl\u0131 yordamlar da denen bu prosed\u00fcrleri ayarlamak i\u00e7in geli\u015ftiricilerin, gerekli girdiler i\u00e7in parametrelerle SQL ifadeleri olu\u015fturmas\u0131 gerekir. Sakl\u0131 yordamlar ve parametreli sorgular aras\u0131ndaki fark, sakl\u0131 yordamlar\u0131n veritaban\u0131 i\u00e7inde tan\u0131mlanmas\u0131 ve saklanmas\u0131, ancak uygulamadan \u00e7a\u011fr\u0131lmas\u0131d\u0131r. Ayr\u0131ca, sakl\u0131 yordamlar baz\u0131 DBMS&#8217;lerde (varsay\u0131lan olarak mevcut de\u011fildir) y\u00fcr\u00fctme haklar\u0131 gerektirdi\u011finden, kullan\u0131c\u0131 eri\u015fimi vermek yerine en az ayr\u0131cal\u0131\u011fa sahip ayr\u0131 bir hesap olu\u015fturmak \u00f6nemlidir.<br><br><\/li><li><strong>\u0130zin Verilenler Listesi Giri\u015f Do\u011frulamas\u0131<\/strong> (Allowlist Input Validation): \u0130zin verilenler listesi girdi do\u011frulamas\u0131, harici girdileri bilinen, onaylanm\u0131\u015f bir dizi girdiye kar\u015f\u0131 kontrol eder ve e\u015fle\u015fmeyen girdilerde ba\u015far\u0131s\u0131z olur. Bu, yaln\u0131zca ba\u011flama de\u011fi\u015fkenlerine izin verilmeyen durumlarda kullan\u0131lmal\u0131d\u0131r. \u0130zin verilenler listesi giri\u015f do\u011frulamas\u0131, giri\u015fi sorguya iletilmeden \u00f6nce alg\u0131lamak i\u00e7in bir yedekleme se\u00e7ene\u011fi de olabilir.<br><br><\/li><li><strong>Kullan\u0131c\u0131 Taraf\u0131ndan Sa\u011flanan T\u00fcm Girdilerden Ka\u00e7\u0131nmak:<\/strong> T\u00fcm SQL enjeksiyonlar\u0131n\u0131 engelleyemedi\u011fi i\u00e7in bu y\u00f6ntemi yaln\u0131zca \u00f6nceki se\u00e7enekler m\u00fcmk\u00fcn de\u011filse kullanmal\u0131s\u0131n\u0131z. Bu fazlas\u0131yla veritaban\u0131na \u00f6zg\u00fc bir uygulamad\u0131r. Her DBMS, karakterden ka\u00e7an bir d\u00fczeni destekler. Do\u011fru \u015fema kullan\u0131larak t\u00fcm kullan\u0131c\u0131 girdilerinden ka\u00e7\u0131n\u0131l\u0131rsa, DBMS, girdi ile geli\u015ftiriciler taraf\u0131ndan yaz\u0131lan SQL kodunu ay\u0131rt edebilecektir.<br><br><\/li><li><strong>En Az Ayr\u0131cal\u0131k:<\/strong> En az ayr\u0131cal\u0131k, SQL enjeksiyonuna kar\u015f\u0131 bir savunma de\u011fildir, ancak herhangi bir sald\u0131r\u0131n\u0131n verebilece\u011fi hasar\u0131 s\u0131n\u0131rlaman\u0131n bir yoludur. En az ayr\u0131cal\u0131k, uygulaman\u0131z\u0131n veritaban\u0131nda s\u0131n\u0131rs\u0131z g\u00fcce sahip olmad\u0131\u011f\u0131 anlam\u0131na gelir. Bir sald\u0131rgan eri\u015fim elde ederse, verebilece\u011fi hasar s\u0131n\u0131rl\u0131 olacakt\u0131r. Root eri\u015fimi veya y\u00f6netici ayr\u0131cal\u0131\u011f\u0131na sahip bir hesap kullanarak uygulamalar\u0131n veritabanlar\u0131na olan ba\u011flant\u0131lar\u0131n\u0131 engellemek etkili bir korumad\u0131r. Uygulama hesaplar\u0131n\u0131n yaln\u0131zca ihtiya\u00e7 duyduklar\u0131 kadar izne sahip olmas\u0131n\u0131 sa\u011flamak gerekir. Hesaplara yaln\u0131zca tam olarak ihtiya\u00e7 duyulan eri\u015fim i\u00e7in izin vermeniz \u00f6nerilir. \u00d6rne\u011fin, bir hesab\u0131n salt okuma eri\u015fimine ihtiyac\u0131 varsa, yaln\u0131zca ihtiya\u00e7 duydu\u011fu tablolara (hatta tablonun belirli b\u00f6l\u00fcmlerine) salt okunur eri\u015fimi oldu\u011fundan emin olmal\u0131s\u0131n\u0131z. Yapabiliyorsan\u0131z, veritaban\u0131 hesaplar\u0131na olu\u015fturma veya silme eri\u015fimi vermekten ka\u00e7\u0131n\u0131n. Her kullan\u0131c\u0131n\u0131n\/uygulaman\u0131n ayr\u0131 bir hesab\u0131 olmal\u0131d\u0131r. Ayr\u0131ca, veritaban\u0131 y\u00f6netim sisteminin (DBMS) alt\u0131nda \u00e7al\u0131\u015ft\u0131\u011f\u0131 i\u015fletim sistemi hesab\u0131n\u0131n ayr\u0131cal\u0131klar\u0131n\u0131 g\u00f6zden ge\u00e7irmeniz \u00f6nerilir.<\/li><\/ul>\n\n\n\n<h2 id=\"sql-enjeksiyonu-ihlalleri\" class=\"wp-block-heading\">SQL Enjeksiyonu \u0130hlalleri<\/h2>\n\n\n\n<div class=\"wp-block-image is-style-default\"><figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"968\" height=\"475\" src=\"https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-4-3.jpg\" alt=\"SQL Injection Nas\u0131l \u00d6nlenir?, SQL Enjeksiyonu \u0130hlalleri\" class=\"wp-image-46745\" srcset=\"https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-4-3.jpg 968w, https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-4-3-650x319.jpg 650w, https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-4-3-768x377.jpg 768w, https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-4-3-380x186.jpg 380w, https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/08\/yazi-ici-gorsel-4-3-800x393.jpg 800w\" sizes=\"auto, (max-width: 968px) 100vw, 968px\" \/><figcaption>\u00c7ok say\u0131da siber su\u00e7lu, veritabanlar\u0131na s\u0131zmak i\u00e7in zay\u0131f kod hatalar\u0131ndan yararlanmay\u0131 bekler.<\/figcaption><\/figure><\/div>\n\n\n\n<p>SQL enjeksiyonlar\u0131n\u0131n 1998&#8217;de ortaya \u00e7\u0131kmas\u0131ndan bu yana siber g\u00fcvenlik alan\u0131nda ger\u00e7ekle\u015fen ciddi geli\u015fmelere ra\u011fmen, hala b\u00fcy\u00fck bir endi\u015fe kayna\u011f\u0131 oldu\u011fu g\u00f6r\u00fclmektedir. Hatta ge\u00e7ti\u011fimiz iki y\u0131l i\u00e7inde SQLi sald\u0131r\u0131lar\u0131n\u0131n, yaz\u0131l\u0131m &#8211; uygulama g\u00fcvenli\u011fine y\u00f6nelik t\u00fcm sald\u0131r\u0131lar\u0131n yakla\u015f\u0131k \u00fc\u00e7te ikisini olu\u015fturdu\u011fu bilinmektedir. Bilinen b\u00fcy\u00fck SQL enjeksiyonu ihlallerini \u015fu \u015fekilde s\u0131ralayabiliriz:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>GhostShell:<\/strong> Ekim 2012&#8217;de, bilgisayar korsanlar\u0131n\u0131n SQL enjeksiyonu kullanarak 53 \u00fcniversiteyi hedef ald\u0131\u011f\u0131 sald\u0131r\u0131, \u00f6\u011frencilere, \u00f6\u011fretim \u00fcyelerine ve personele ait 36.000 ki\u015fisel kayd\u0131n \u00e7al\u0131nmas\u0131 ve yay\u0131nlamas\u0131yla sonu\u00e7lanm\u0131\u015ft\u0131r.<br><br><\/li><li><strong>7-Eleven:<\/strong> A\u011fustos 2009&#8217;da, ba\u015fta 7-Eleven perakende zinciri olmak \u00fczere bir\u00e7ok \u015firketteki kurumsal sistemlere s\u0131zmak i\u00e7in SQL enjeksiyonunun kullan\u0131ld\u0131\u011f\u0131 sald\u0131r\u0131da 130 milyon kredi kart\u0131 numaras\u0131 \u00e7al\u0131nm\u0131\u015ft\u0131r.<br><br><\/li><li><strong>HBGary:<\/strong> \u015eubat 2011&#8217;de HBGary CEO&#8217;sunun Anonymous \u00fcyelerinin isimlerine sahip oldu\u011funu duyurmas\u0131na bir yan\u0131t olarak Anonymous ile ilgilisi bulunan bilgisayar korsanlar\u0131, \u015firketin web sitesini \u00e7\u00f6kertmek i\u00e7in SQL Injection kullanm\u0131\u015ft\u0131r.<br><\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>WordPress Eklentileri:<\/strong> \u0130spanyol g\u00fcvenlik ara\u015ft\u0131rmac\u0131lar\u0131 Jacinto Sergio Castillo Solana ve Manuel Garcia Cardenas, 84.000&#8217;den fazla eklentide 4.500&#8217;\u00fc SQLi olmak \u00fczere 5.000&#8217;den fazla g\u00fcvenlik a\u00e7\u0131\u011f\u0131 ke\u015ffetmi\u015ftir.<\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Sesli Komut SQL Enjeksiyonu<\/strong>: 2019&#8217;da ortaya \u00e7\u0131kan bu yeni t\u00fcr SQLi, sald\u0131r\u0131y\u0131 ger\u00e7ekle\u015ftirmek i\u00e7in sesli komutlara dayanmaktad\u0131r. Bu, Alexa&#8217;n\u0131n korumas\u0131z bir uygulamada s\u00f6zc\u00fckleri ve say\u0131lar\u0131 \u00e7evirerek istismar edilebilece\u011finin g\u00f6stergesidir. <br><\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Tesla g\u00fcvenlik a\u00e7\u0131\u011f\u0131<\/strong>: 2014&#8217;te g\u00fcvenlik ara\u015ft\u0131rmac\u0131lar\u0131, SQL enjeksiyonunu kullanarak Tesla&#8217;n\u0131n web sitesini ihlal edebildiklerini, y\u00f6netici ayr\u0131cal\u0131klar\u0131 kazanabildiklerini ve kullan\u0131c\u0131 verilerini \u00e7alabildiklerini duyurmu\u015flard\u0131r.<br><br><\/li><li><strong>Cisco g\u00fcvenlik a\u00e7\u0131\u011f\u0131<\/strong>: 2018&#8217;de Cisco Prime&#8217;da bir SQLi a\u00e7\u0131\u011f\u0131 bulunmu\u015f ve Cisco g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 d\u00fczeltmi\u015ftir.<br><br><\/li><li><strong>Fortnite g\u00fcvenlik a\u00e7\u0131\u011f\u0131:<\/strong> 350 milyondan fazla kullan\u0131c\u0131ya sahip \u00e7evrimi\u00e7i bir oyun olan Fortnite&#8217;de, 2019 y\u0131l\u0131nda, sald\u0131rganlar\u0131n kullan\u0131c\u0131 hesaplar\u0131na eri\u015fmesine izin verebilecek bir SQLi g\u00fcvenlik a\u00e7\u0131\u011f\u0131 ke\u015ffedilmi\u015f ve d\u00fczeltilmi\u015ftir.<\/li><\/ul>\n\n\n\n<h2 id=\"ozet\" class=\"wp-block-heading\">\u00d6zet<\/h2>\n\n\n\n<p>SQL enjeksiyonu, web uygulamalar\u0131na y\u00f6nelik en yayg\u0131n sald\u0131r\u0131lardan biridir. Ba\u015far\u0131l\u0131 bir SQL enjeksiyon sald\u0131r\u0131s\u0131, veritaban\u0131n\u0131zdan e-posta, kullan\u0131c\u0131 ad\u0131, parola ve kredi kart\u0131 ayr\u0131nt\u0131lar\u0131 gibi hassas verileri okuyabilir, de\u011fi\u015ftirebilir veya silebilir. SQLi, bir sald\u0131rgan\u0131n yetkisiz eri\u015fim sa\u011flayarak kimlik sahtekarl\u0131\u011f\u0131 yapmas\u0131na veya veritaban\u0131n\u0131z\u0131 yok etmesine neden olabilir. <\/p>\n\n\n\n<p>SQL Injection g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 belirlemek ve sistemlerinizi g\u00fcvende tutmak i\u00e7in hemen harekete ge\u00e7mek \u00e7ok \u00f6nemlidir. \u00c7ok say\u0131da sald\u0131rgan, veritabanlar\u0131na s\u0131zmak i\u00e7in zay\u0131f kod hatalar\u0131ndan yararlanmay\u0131 bekledi\u011finden SQL Injection Nedir? sorusuyla kodlar\u0131n\u0131z\u0131 g\u00f6zden ge\u00e7irmeniz ve g\u00fc\u00e7l\u00fc uygulama g\u00fcvenli\u011fi \u00e7\u00f6z\u00fcmlerine y\u00f6nelmeniz \u00f6nerilir.<\/p>\n","protected":false},"excerpt":{"rendered":"SQL veritaban\u0131 sistemi kullanan web sitelerini veya web uygulamalar\u0131n\u0131 etkileyen siber sald\u0131r\u0131 t\u00fcrlerini ara\u015ft\u0131ranlar\u0131n SQL Injection Nedir? sorusunun pe\u015fine d\u00fc\u015fmesi ka\u00e7\u0131n\u0131lmazd\u0131r.\n","protected":false},"author":1,"featured_media":46731,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_relevanssi_hide_post":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"31400,53546,43938,1794,29491,64381","_relevanssi_noindex_reason":"","footnotes":""},"categories":[656,654,657,655,138],"tags":[],"class_list":{"0":"post-44232","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-alpha-ssl","8":"category-comodo-ssl","9":"category-ev-ssl","10":"category-globalsign-ssl","11":"category-ipuclari"},"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SQL Injection Nedir? &#8226; Turhost Blog<\/title>\n<meta name=\"description\" content=\"SQL veritaban\u0131 kullanan web uygulamalar\u0131n\u0131 etkileyen siber sald\u0131r\u0131 t\u00fcrlerini ara\u015ft\u0131ranlar SQL Injection Nedir? sorusunun pe\u015fine d\u00fc\u015fmelidir!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.turhost.com/blog\/sql-injection-nedir\/\" \/>\n<meta property=\"og:locale\" content=\"tr_TR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SQL Injection Nedir? &#8226; Turhost Blog\" \/>\n<meta property=\"og:description\" content=\"SQL veritaban\u0131 kullanan web uygulamalar\u0131n\u0131 etkileyen siber sald\u0131r\u0131 t\u00fcrlerini ara\u015ft\u0131ranlar SQL Injection Nedir? sorusunun pe\u015fine d\u00fc\u015fmelidir!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.turhost.com/blog\/sql-injection-nedir\/\" \/>\n<meta property=\"og:site_name\" content=\"Turhost Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-23T06:07:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-11-26T06:37:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/07\/kapak-4.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Turhost\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Yazan:\" \/>\n\t<meta name=\"twitter:data1\" content=\"Turhost\" \/>\n\t<meta name=\"twitter:label2\" content=\"Tahmini okuma s\u00fcresi\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 dakika\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.turhost.com/blog\/sql-injection-nedir\/\",\"url\":\"https:\/\/www.turhost.com/blog\/sql-injection-nedir\/\",\"name\":\"SQL Injection Nedir? &#8226; Turhost Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.turhost.com/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.turhost.com/blog\/sql-injection-nedir\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.turhost.com/blog\/sql-injection-nedir\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/07\/kapak-4.jpg\",\"datePublished\":\"2021-08-23T06:07:17+00:00\",\"dateModified\":\"2021-11-26T06:37:26+00:00\",\"author\":{\"@id\":\"https:\/\/www.turhost.com/blog\/#\/schema\/person\/dd8970d865df6ed4f742fe30c308ad1c\"},\"description\":\"SQL veritaban\u0131 kullanan web uygulamalar\u0131n\u0131 etkileyen siber sald\u0131r\u0131 t\u00fcrlerini ara\u015ft\u0131ranlar SQL Injection Nedir? sorusunun pe\u015fine d\u00fc\u015fmelidir!\",\"breadcrumb\":{\"@id\":\"https:\/\/www.turhost.com/blog\/sql-injection-nedir\/#breadcrumb\"},\"inLanguage\":\"tr\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.turhost.com/blog\/sql-injection-nedir\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"tr\",\"@id\":\"https:\/\/www.turhost.com/blog\/sql-injection-nedir\/#primaryimage\",\"url\":\"https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/07\/kapak-4.jpg\",\"contentUrl\":\"https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/07\/kapak-4.jpg\",\"width\":1000,\"height\":1000},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.turhost.com/blog\/sql-injection-nedir\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.turhost.com/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u0130pu\u00e7lar\u0131\",\"item\":\"https:\/\/www.turhost.com/blog\/ipuclari\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"SQL Injection Nedir?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.turhost.com/blog\/#website\",\"url\":\"https:\/\/www.turhost.com/blog\/\",\"name\":\"Turhost Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.turhost.com/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"tr\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.turhost.com/blog\/#\/schema\/person\/dd8970d865df6ed4f742fe30c308ad1c\",\"name\":\"Turhost\",\"sameAs\":[\"http:\/\/www.turhost.com\/\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SQL Injection Nedir? &#8226; Turhost Blog","description":"SQL veritaban\u0131 kullanan web uygulamalar\u0131n\u0131 etkileyen siber sald\u0131r\u0131 t\u00fcrlerini ara\u015ft\u0131ranlar SQL Injection Nedir? sorusunun pe\u015fine d\u00fc\u015fmelidir!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.turhost.com/blog\/sql-injection-nedir\/","og_locale":"tr_TR","og_type":"article","og_title":"SQL Injection Nedir? &#8226; Turhost Blog","og_description":"SQL veritaban\u0131 kullanan web uygulamalar\u0131n\u0131 etkileyen siber sald\u0131r\u0131 t\u00fcrlerini ara\u015ft\u0131ranlar SQL Injection Nedir? sorusunun pe\u015fine d\u00fc\u015fmelidir!","og_url":"https:\/\/www.turhost.com/blog\/sql-injection-nedir\/","og_site_name":"Turhost Blog","article_published_time":"2021-08-23T06:07:17+00:00","article_modified_time":"2021-11-26T06:37:26+00:00","og_image":[{"width":1000,"height":1000,"url":"https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/07\/kapak-4.jpg","type":"image\/jpeg"}],"author":"Turhost","twitter_card":"summary_large_image","twitter_misc":{"Yazan:":"Turhost","Tahmini okuma s\u00fcresi":"10 dakika"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.turhost.com/blog\/sql-injection-nedir\/","url":"https:\/\/www.turhost.com/blog\/sql-injection-nedir\/","name":"SQL Injection Nedir? &#8226; Turhost Blog","isPartOf":{"@id":"https:\/\/www.turhost.com/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.turhost.com/blog\/sql-injection-nedir\/#primaryimage"},"image":{"@id":"https:\/\/www.turhost.com/blog\/sql-injection-nedir\/#primaryimage"},"thumbnailUrl":"https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/07\/kapak-4.jpg","datePublished":"2021-08-23T06:07:17+00:00","dateModified":"2021-11-26T06:37:26+00:00","author":{"@id":"https:\/\/www.turhost.com/blog\/#\/schema\/person\/dd8970d865df6ed4f742fe30c308ad1c"},"description":"SQL veritaban\u0131 kullanan web uygulamalar\u0131n\u0131 etkileyen siber sald\u0131r\u0131 t\u00fcrlerini ara\u015ft\u0131ranlar SQL Injection Nedir? sorusunun pe\u015fine d\u00fc\u015fmelidir!","breadcrumb":{"@id":"https:\/\/www.turhost.com/blog\/sql-injection-nedir\/#breadcrumb"},"inLanguage":"tr","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.turhost.com/blog\/sql-injection-nedir\/"]}]},{"@type":"ImageObject","inLanguage":"tr","@id":"https:\/\/www.turhost.com/blog\/sql-injection-nedir\/#primaryimage","url":"https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/07\/kapak-4.jpg","contentUrl":"https:\/\/www.turhost.com/blog\/wp-content\/uploads\/2021\/07\/kapak-4.jpg","width":1000,"height":1000},{"@type":"BreadcrumbList","@id":"https:\/\/www.turhost.com/blog\/sql-injection-nedir\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.turhost.com/blog\/"},{"@type":"ListItem","position":2,"name":"\u0130pu\u00e7lar\u0131","item":"https:\/\/www.turhost.com/blog\/ipuclari\/"},{"@type":"ListItem","position":3,"name":"SQL Injection Nedir?"}]},{"@type":"WebSite","@id":"https:\/\/www.turhost.com/blog\/#website","url":"https:\/\/www.turhost.com/blog\/","name":"Turhost Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.turhost.com/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"tr"},{"@type":"Person","@id":"https:\/\/www.turhost.com/blog\/#\/schema\/person\/dd8970d865df6ed4f742fe30c308ad1c","name":"Turhost","sameAs":["http:\/\/www.turhost.com\/"]}]}},"_links":{"self":[{"href":"https:\/\/www.turhost.com/blog\/wp-json\/wp\/v2\/posts\/44232","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.turhost.com/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.turhost.com/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.turhost.com/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.turhost.com/blog\/wp-json\/wp\/v2\/comments?post=44232"}],"version-history":[{"count":128,"href":"https:\/\/www.turhost.com/blog\/wp-json\/wp\/v2\/posts\/44232\/revisions"}],"predecessor-version":[{"id":46880,"href":"https:\/\/www.turhost.com/blog\/wp-json\/wp\/v2\/posts\/44232\/revisions\/46880"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.turhost.com/blog\/wp-json\/wp\/v2\/media\/46731"}],"wp:attachment":[{"href":"https:\/\/www.turhost.com/blog\/wp-json\/wp\/v2\/media?parent=44232"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.turhost.com/blog\/wp-json\/wp\/v2\/categories?post=44232"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.turhost.com/blog\/wp-json\/wp\/v2\/tags?post=44232"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}