Ads 468x60px

Saturday, 17 November 2012

SQL Injection Attack

The most common technique used to attack a website. It is a code injection technique which exploits security  vulnerability in a website's software.

Now lets begin with the login process
Let's say that you are sitting at your computer, surfing the Web, and you open a Website to Login to your account.
  1. You type in the Login Username and Password and clicks on Sign in and you get in to your account.
  2. Web Server receives the Username and Password and forwards it to the Database server.
  3. Database server receives the Username and Password from the Web Server and checks its tables for that Username and Password and sends the result of the authentication to the Web Server.
  4. Web Server receives the Authentication result from the Database Server and on the basis of the result, redirects the User to the proper Webpage.
  5. If the Authentication is True, User gets signed in to the Account, and if it fails User is asked to Sign In again.

SQL INJECTION
A SQL injection attack exploits vulnerabilities in a web server database that allow the attacker to gain access to the database and read, modify, or delete information.  
An example of a SQL injection attack is making the condition true by giving the identical value to a web page.

These values can be inserted into a login as follows:
Login: 1' or '1'='1 and Password= 1' or '1'='1
Login: 1' or '1'='1';--

When the Username argument is evaluated, ‘1’=’1’ will assess to TRUE, and an authentic username will be returned.

Now you need to search for a website which is SQL Vulnerable 
Got to google and search 
inurl:adminlogin.asp
inurl:login.asp

For example I have a website for you 

You can find out more websites and to test that website is vulnerable or not just put a quote (') at the end of the URL and press enter and if you get the page as shown in image then the website is vulnerable and can be hacked with SQL Injection. 
Now you have a website, then try to attack it with SQL Injection by simply typing the following user name and password and hit enter. 
username: a'or'a'='a
password: a'or'a'='a
and you are logged in. 

Input Validation in SQL Injection
There are measures that can be applied to mitigate SQL injection attacks.
  • Web developer can check whether some suspicious characters are sent from the Login Page like ‘, “, ;, -- , etc
  • Always store the Passwords in the Database server in the Encrypted Form.
  • Use of these practices does not guarantee that SQL injection can be completely eliminated, but they will make it more difficult for Hackers to conduct these attacks.
Share if you liked this Post using your favorite sharing service:

Subscribe Updates, Its FREE!

5 comments:

  1. Hello.
    How are you? It is so lovely.
    Like your website because
    its style so nice. The online TV is very Samaa News live great Feature. We can get
    information about current affairs through online TV website at any time and everywhere
    I will suggest my friends to visits this site.

    ReplyDelete
  2. Hello
    I read your article it is so interested.
    Important point of your article is you use the easy and simple language.
    Now TV. Internet and Newspaper is the best way to get knowledge about Geo News live
    current affairs. I am so impress. Good Job.
    Keep it up

    ReplyDelete
  3. Well written and good information, I've got nothing to add! I guess I will say that as this is an important aspect of many Fox News live developing careers, we're also all responsible for keeping an eye on how this affects the industry over time - especially with "free" becoming a more common price tag every day.

    ReplyDelete
  4. My experience with simple.tv has been exactly what I expected from this type of technology, even slightly AJJ News above my expectations. The picture quality is perfect - there appears to be no signal compression so the picture looks exactly as it would if my antenna was directly connected to my TV. The unit I'm using also has a pass-through outpu

    ReplyDelete
  5. I'm confused what is a Psychiatrist , phycologist and therapist?

    Psychiatrist Decatur

    ReplyDelete

 
Related Posts Plugin for WordPress, Blogger...