SQL Piggybacking
• An attacker can extend an application’s SQL statement to extract or update information that the attacker is not authorized to access
• “How I Hacked Packetstorm” http://www.wiretrip.net/rfp/p/doc.asp?id=42
• The attacker will explore how the Web application interacts with the back-end database by finding a user-supplied input string that will be part of a database query
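Added example, not part of the original slides: the same lookup written with user input spliced into the SQL text and with bound parameters, run against an in-memory SQLite database. The table, column names, function names and input strings are all constructed for illustration.

```python
import sqlite3

# Constructed input: a quote character lets the value leave the string literal
# and become part of the statement itself.
CONSTRUCTED_INPUT = "x' OR '1'='1"

def make_db():
    """Build a small in-memory table of documents with per-user ownership."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE docs (id INTEGER PRIMARY KEY, owner TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO docs (owner, title) VALUES (?, ?)",
        [("alice", "alice-notes"), ("alice", "o'brien"),
         ("bob", "bob-payroll"), ("carol", "carol-keys")],
    )
    return db

def find_docs_concat(db, owner, title):
    """Weak form: the user-supplied title is concatenated into the query text,
    so the database parses it as SQL rather than as data."""
    sql = ("SELECT title FROM docs WHERE owner = '" + owner +
           "' AND title = '" + title + "' ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def find_docs_bound(db, owner, title):
    """Hardened form: the statement text is fixed and the values are bound,
    so input can never change the structure of the query."""
    sql = "SELECT title FROM docs WHERE owner = ? AND title = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (owner, title))]

def concat_fails_on_legit_quote(db):
    """The same root cause also breaks ordinary input containing a quote."""
    try:
        find_docs_concat(db, "alice", "o'brien")
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    # AND binds tighter than OR, so the owner restriction no longer applies.
    print("concatenated:", find_docs_concat(db, "alice", CONSTRUCTED_INPUT))
    print("bound:       ", find_docs_bound(db, "alice", CONSTRUCTED_INPUT))
    print("legit quote breaks concatenation:", concat_fails_on_legit_quote(db))
    print("legit quote with binding:", find_docs_bound(db, "alice", "o'brien"))
```

With bound parameters the constructed input is compared as a literal title and matches nothing, while a legitimate title containing an apostrophe is found normally.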