SQL Injection - Advanced SQL Injection
What is SQL Injection?
SQL Injection is the most popular method of deliberately passing SQL
commands through an input field in an application.
SQL Injection is one of the many web attack mechanisms used by
hackers to steal data from organizations. It is perhaps one
of the most common application layer attack techniques used
today. It takes advantage of improper coding in your web
applications that allows a hacker to inject SQL commands into,
say, a login form and so gain access to the data held within
your database.
Which parts of your application are at risk of SQL Injection?
SQL Injection is a hacking technique that attempts to
pass SQL commands (statements) through a web application for
execution by the backend database. If user input is not sanitized
properly, a web application may be open to SQL Injection
attacks that allow hackers to view information from the
database and/or even wipe it out.
Features such as login pages, support and product request
forms, feedback forms, search pages, shopping carts and the
general delivery of dynamic content shape modern websites
and provide businesses with the means necessary to
communicate with prospects and customers. These website
features are all examples of web applications, which may be
either purchased off-the-shelf or developed as bespoke
programs.
These website features are all susceptible to SQL Injection
attacks, which arise because the fields available for user
input allow SQL statements to pass through and query the
database directly.
Basic SQL Injection
Most login pages ask the user for a User Name and Password.
The user types the user name and password into the login form
and submits it for authentication. The system queries the database
with the supplied user name and password: if a match is found in
the database, it authenticates the user; otherwise it shows a
login failure message. When the login page is submitted, most
login pages pass a query to the database like this:
"select * from user_master where user_name='" & TxtUserName.Txt & "' and user_password ='" & TxtPassword.Txt & "'"
If we type ANYUSER as the User Name and ANYPASS as the Password, then
the actual query looks like this:
select * from user_master where user_name='ANYUSER' and user_password ='ANYPASS'
It will not work, as there is no such user name and password
in the table user_master, and it will show the login failure
message. Now just change the password: type ANYPASS' or 'T' = 'T
and submit the page again.
This time the query looks like this:
select * from user_master where user_name='ANYUSER' and user_password ='ANYPASS' or 'T' = 'T'
Now it works, and you are able to log in to the page without
knowing the user name and password. How did this happen? The
query now always returns all records from the table,
because the condition 'T' = 'T' is always true.
What SQL commands can you pass?
If the underlying database supports multiple commands in a
single line, then you can pass any valid DML, DCL or DDL
command through SQL injection. For example, the following input
will drop the user_master table from the database: type
ANYPASS' ; drop table user_master -- in the password box
and submit the page again. This time the underlying query looks
like this:
select * from user_master where user_name='ANYUSER' and user_password ='ANYPASS' ; drop table user_master -- '
Now it drops the user_master table from the database. In this
case we passed a drop table command along with the password. The
two dashes (--) start a comment in SQL, so nothing after them
is executed. If you know the table structure, then you can insert
and update records as well through SQL Injection.
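The login query above, built by concatenation and then with bound parameters, as an added example that is not part of the original page. It assumes Python's sqlite3 module with an in-memory database standing in for the application's database; the two rows in user_master are constructed sample data, and the function names are hypothetical.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the page's database (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("create table user_master (user_name text, user_password text)")
    db.executemany("insert into user_master values (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db

def login_concatenated(db, user, password):
    """Builds the query as the page's login form does: by string concatenation."""
    sql = ("select * from user_master where user_name='" + user +
           "' and user_password ='" + password + "'")
    return db.execute(sql).fetchall()

def login_parameterized(db, user, password):
    """Same query with placeholders: input is bound as data, never parsed as SQL."""
    sql = "select * from user_master where user_name=? and user_password =?"
    return db.execute(sql, (user, password)).fetchall()

def table_exists(db):
    """True while user_master is still present in the schema."""
    row = db.execute("select count(*) from sqlite_master "
                     "where type='table' and name='user_master'").fetchone()
    return row[0] == 1

if __name__ == "__main__":
    db = make_db()
    tautology = "ANYPASS' or 'T' = 'T"                 # password input from the page
    stacked = "ANYPASS' ; drop table user_master --"   # password input from the page
    print("concatenated rows:", len(login_concatenated(db, "ANYUSER", tautology)))
    print("parameterized rows:", len(login_parameterized(db, "ANYUSER", tautology)))
    print("after stacked input:", login_parameterized(db, "ANYUSER", stacked),
          "table still present:", table_exists(db))
```

sqlite3's execute() accepts only one statement per call, so the drop table input is run here only against the parameterized form, where it is compared as a literal password and matches nothing.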
(C) Atanu Maity, 2006-2010