SQL injection is the most common threat to Data base system. It lead to loss of very secured or confidential data. It is nothing but the unauthorized access to data systems or accounts.

The following are the risks associated with SQL Injection:

1. By Passing Authentication :
   It is most important to focus on By Passing Authentication during the penetration test because the attacker can access to the database just like an authorized user and he can perform his desired tasks on the data base.

2. Identifying Injectable Parameters :
   The attacker will collect the information about the structure of the back-end database of a web application and he will include the dynamic content in to the web site. This may lead the visitors to install malicious code and may redirect to the malicious site.

3. Executing Remote Commands :
   Executing these remote commands will provide attackers a tool to execute arbitrary commands on the database.

   For example, a remote user can execute stored database procedures and functions from a remote SQL interactive interface.

4. Denial of Service :
   The attacker can flood the server with requests so that he will the authority to stop the service to valid users, or he can delete some data.

5. Database Finger Printing :
   The attacker can determine the type of database used in backend so that he can use database-specific attacks that corresponds to weakness in a particular DBMS.