I chose SQL injection for my current weekly blog post because it has gained a lot of media attention. It can be really nasty, especially when it comes to identity theft.
Basically, SQL injection is a server-side attack technique used to exploit web sites by inserting a series of unauthorized SQL statements into a web application that requests user input and then builds dynamic SQL queries from it. In other words, when an attacker successfully alters the construct of the SQL statements, they are then able to run processes with the same permissions as the database server, web server or web application server.
There are many different varieties of SQL injection vulnerabilities, depending on the database being accessed and the configuration of that database. Through a SQL injection attack, the hacker could access all records in the database, delete the tables, create new tables or take other actions that would provide easy access to information.
As I already said, it can get really nasty.
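
The dynamic-query problem described above, shown next to its fix, as an added example that is not part of the original post. It assumes Python's built-in `sqlite3` module; the table, column names, sample rows and crafted input are all constructed for illustration.

```python
import sqlite3

# Constructed input: the quote closes the string literal early and the rest
# becomes part of the SQL statement, altering its construct.
CRAFTED = "x' OR '1'='1"


def make_db():
    """Build an in-memory database holding constructed sample records."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, ssn TEXT)")
    conn.executemany(
        "INSERT INTO users (name, ssn) VALUES (?, ?)",
        [("alice", "000-00-0001"), ("bob", "000-00-0002"), ("carol", "000-00-0003")],
    )
    return conn


def build_dynamic_query(name):
    """Vulnerable pattern: user input is concatenated into the SQL text."""
    return "SELECT name, ssn FROM users WHERE name = '" + name + "'"


def lookup_dynamic(conn, name):
    """Runs the concatenated query; the input can change what the query means."""
    return conn.execute(build_dynamic_query(name)).fetchall()


def lookup_parameterized(conn, name):
    """Hardened pattern: the SQL text is fixed and the input is bound as data."""
    return conn.execute(
        "SELECT name, ssn FROM users WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print("query built from input:", build_dynamic_query(CRAFTED))
    print("dynamic, normal input: ", lookup_dynamic(conn, "alice"))
    print("dynamic, crafted input:", lookup_dynamic(conn, CRAFTED))
    print("bound,   crafted input:", lookup_parameterized(conn, CRAFTED))
```

With the concatenated query the crafted value turns the `WHERE` clause into a condition that is always true, so every record comes back; with a bound parameter the same value is compared as a plain string and matches nothing.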