NET CAPITAL
Welcome To NET CAPITAL, Please Register to join forum
NET CAPITAL
Welcome To NET CAPITAL, Please Register to join forum
NET CAPITAL
Would you like to react to this message? Create an account in a few clicks or log in to continue.

NET CAPITAL

NET CAPITAL
 
HomeHome  PortalPortal  Latest imagesLatest images  RegisterRegister  Log inLog in  

Share | 
 

 SQL Injection - Advanced SQL Injection

View previous topic View next topic Go down 
AuthorMessage
[ADMIN]Roy
Admin
Admin
[ADMIN]Roy

Posts : 93
WDM-Points : 266
Join date : 2009-03-24

SQL Injection - Advanced SQL Injection Vide
PostSubject: SQL Injection - Advanced SQL Injection   SQL Injection - Advanced SQL Injection EmptyTue Sep 01, 2009 7:17 am

1. What is SQL Injection

SQL Injection the most popular method to pass SQL command deliberately from input filed in application.

SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application layer attack techniques used today. It is the type of attack that takes advantage of improper coding of your web applications that allows hacker to inject SQL commands into say a login form to allow them to gain access to the data held within your database.


Which part of your application is in threat for SQL Injection?
SQL Injection is the hacking technique which attempts to pass SQL commands (statements) through a web application for execution by the backend database. If not sanitized properly, web applications may result in SQL Injection attacks that allow hackers to view information from the database and/or even wipe it out.

Such features as login pages, support and product request forms, feedback forms, search pages, shopping carts and the general delivery of dynamic content, shape modern websites and provide businesses with the means necessary to communicate with prospects and customers. These website features are all examples of web applications which may be either purchased off-the-shelf or developed as bespoke programs.

These website features are all susceptible to SQL Injection attacks which arise because the fields available for user input allow SQL statements to pass through and query the database directly.

Basic SQL Injection
Most login page is ask for User Name and Password from the user. User type the user name and password in the login form and submit for authenticate. System query the database with supplied user name and password if it found in the database it authenticate the user otherwise it show login fail message. When we submit the login page most login page will pass query to database like.

Code:

select * from user_master where user_name='" & TxtUserName.Txt & "' and
user_password ='" & TxtPassword.Txt & "'"


If we type User Name as ANYUSER and Password as ANYPASS then actual query look like.

Code:


select * from user_master where user_name='ANYUSER' and
user_password ='ANYPASS'

It will not work as there is no such user name and password in the table user_master. and it will show login fail message. Now just change your password and type ANYPASS' or 'T' = 'T and submit the page again. This time the query look like.

Code:

select * from user_master where user_name='ANYUSER' and
user_password ='ANYPASS' or 'T' = 'T'


Now it works and you are able to login the page without knowing the user name and password. How it was happen. the query will always return all records from the database because 'T' = 'T' always True.

What are the SQL command you can pass
If the underlying database supports multiple command in single line, then you can pass any valid DML, DCL and DDL command through sql injection. for example following command will drop user_master table from the database. For example type in paasword box ANYPASS' ; drop table user_master -- and submit the page again. this time underlying query looks like.

Code:


select * from user_master where user_name='ANYUSER' and
user_password ='ANYPASS' ; drop table user_master -- '

Now it drop the user_master table from the database. In this case we pass drop table command along with password. -- two dash is comment for SQL no other code will be executed after that. If you know the table structure then you can Insert and update the record as well through SQL Injection.
Back to top Go down
https://netcapital.darkbb.com
 

SQL Injection - Advanced SQL Injection

View previous topic View next topic Back to top 
Page 1 of 1

Permissions in this forum:You cannot reply to topics in this forum
NET CAPITAL :: RELEASE SECTION :: Comments & Suggestions-