What type of attack involves manipulating databases through SQL syntax?

SQL Injection is a type of attack that specifically targets databases through the use of malicious SQL statements. In this attack vector, an attacker inputs crafted SQL code into a web application's input fields, which can then be executed by the database on the backend if proper validation and sanitization measures are not in place. The successful execution of this attack can allow the attacker to manipulate the database in various harmful ways, such as extracting sensitive data, modifying or deleting records, or even taking control of the database itself.

This method leverages the database's reliance on SQL for querying and manipulating data, demonstrating how an application vulnerability can be exploited through inadequate security measures. Proper application design would include input validation, prepared statements, and stored procedures to mitigate the risk of SQL Injection attacks.

Other forms of attack mentioned, such as Cross-Site Scripting, Data Injection, and Session Hijacking, involve different exploitation techniques and targets, but none specifically focus on the manipulation of databases using SQL syntax like SQL Injection does. Understanding this distinction is critical for implementing effective security measures in applications that interact with databases.