it is an attack that takes advantage of that fact that (entire or partial) sql query is exposed in the web page URL. So, an attacker can then change the query portion of the URL and replace it with a malicious SQL query