Its injecting sql server with scripts that can potentially break the security barriers of the application/server.
SQL injection is a security vulnerability that occurs in the database layer of an application, Its is not a SQL Server problem, but a problem with improperly written applications.
Any one who develops/test applications that use sql statements.
Hey developers check it on all your applications that you have written so far (i checked it.. fortunately it didnt break any of my code)
What can it do?
One or more of the following based on your application implementation
Very simple example of Sql injection.
Most of the applications have login screen, try entering following as
login name: test' or 1=1 --
An example of sql string created by any simple application vulnarable to sql injection is
select * from users where username='test' or 1=1 -- and password='anything'
This is how its evaluated to true, and the first level of entry.. successful.
Curious to know other ways of injecting sql server? Read the article
How to avoid sql injection?
With such few additional validations/coding you can make your application safe from sql injection attacks. Happy coding.