SQL Injection

Hello, this is my tutorial on "SQL injection"; I hope it will help many people here. Basically, SQL injection is an attack on weak programming and can have a major effect on databases.

Now let's jump in. Consider a form as shown below:

http://www25.brinkster.com/vinothbabu/login.asp

The form accepts a username and password. It would then probably query a database to retrieve some information. Let us say that this is a bank database and, hypothetically, it has a table user_id with the following structure shown below:

Quote:

The account number is used for all transactions, and will be retrieved from the table when the user enters his username and password. This would most likely be done by a query like ...

Quote:

But what happens if the user enters his name as spechacker' instead of spechacker? The query now becomes...

Quote:

This is an error, and so the database server will return an error. This could be something similar to what's shown below:

Quote:

Now, from the above, we can state some information:

* We know that we can mangle the query at our will
* We know the database at the back end. In this case it is Oracle.

Now what if we entered our password as jamesbond' OR 'b' = 'b? The query becomes...

Quote:

This is a valid SQL query. Further, it will always yield true, since 'b'='b' always yields true. Hence this will result in an overall true. This means that you could type any password and log in successfully!

Moving on to other possibilities

We have seen that quoting can wreak all sorts of havoc in the authentication scheme. Another offending string is the '-'. This is used as a comment in SQL. Now, what if we entered our username as spechacker;-? The query would be...

Quote:

As you can see, the entire 'where' clause has been eliminated. In short, no password check is performed!

Furthermore, the ';' (semicolon) character is used in SQL to separate two queries. While some databases ignore this, such as Oracle, others such as MS SQL2000 and MySQL use it. This is by far the most dangerous. By this the attacker has access to your databases. A query such as..

Quote:

can easily be formed by entering a username.

Quote:

If the user were to use some dangerous query like Drop Table, you could be in real trouble! Many databases have commands that are used to execute shell commands. Some, like PostgreSQL, have XP_shellexec, which can compromise the entire system by running programs such as FTP to get Trojan horses.

How to prevent this attack ............

Quote:

Let us prevent this attack and provide more security to the web.

Thanks, I hope this tutorial will surely help everyone on this board.

Vinoth
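
The login check described in the post above, with the string-built query beside a parameterized one, as an added example that is not part of the original thread. It uses Python's sqlite3 in memory rather than the ASP form and Oracle back end the post mentions; the column names of user_id and the sample row are assumptions, since the table structure did not survive on the page.

```python
import sqlite3

def make_db():
    # Constructed sample data; column names are assumptions (the post's
    # table structure is missing from the page).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_id (username TEXT, password TEXT, account_number TEXT)")
    db.execute("INSERT INTO user_id VALUES ('spechacker', 's3cret-constructed', 'ACC-0001')")
    return db

def login_concatenated(db, username, password):
    # Vulnerable pattern the post describes: input is pasted into the SQL text,
    # so a quote character in the input changes the structure of the query.
    sql = ("SELECT account_number FROM user_id WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # Echoing raw database errors to the client is what reveals the back end;
        # a real application should log this and show a generic message.
        return "db error: %s" % exc

def login_parameterized(db, username, password):
    # Hardened form: placeholders bind the input as data, never as SQL syntax.
    sql = "SELECT account_number FROM user_id WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchall()

def compare(username, password):
    # Run the same credentials through both versions on a fresh database.
    db = make_db()
    return (login_concatenated(db, username, password),
            login_parameterized(db, username, password))

if __name__ == "__main__":
    cases = [
        ("spechacker", "s3cret-constructed"),      # legitimate login
        ("spechacker'", "x"),                      # stray quote from the post
        ("spechacker", "jamesbond' OR 'b' = 'b"),  # always-true input from the post
    ]
    for user, pw in cases:
        vulnerable, hardened = compare(user, pw)
        print(repr(user), repr(pw))
        print("  concatenated :", vulnerable)
        print("  parameterized:", hardened)
```

With the two inputs taken from the post, the concatenated version either surfaces a database error or returns the account row without the right password, while the parameterized version returns no rows in both cases.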

Re: SQL Injection

Did this thread not help anyone here? I need some comments on this.

Re: SQL Injection

Hi, this is a very delightful article on SQL injection. It is very simple, complete and useful. Congrats.