SQL Injection-Basic Command

SQL injection is a technique often used to attack databases through a website.
SQL injection is a code injection technique that exploits a security vulnerability in a website's software .
Thus SQL command are injected from website to database at back end.
Consider a sql relation account(name,passwd,balance).Now the php in website will read the usenrame and password and assing to variable $n and $p respectively.
The sql querry will be

SELECT balance FROM account
WHERE name='n' AND passwd='p';
This will work for normal user inputs.
If the user input $n=adarsh '- -
Then -- in sql represent a comment statement.
The sql querry will be



SELECT balance FROM account
WHERE name='adarsh'- - AND passwd='p';
The querry is equivalent to
 
SELECT balance FROM account
WHERE name='adarsh'

Hence an attacker will be able to acess the account relation of an user simply using username.

We can use this basically to log into a database account of a user without password.
First in login page provide a valid user-name and for passsword:anything 'or'x'='x
This wil work if the site administrator has not taken necessary preperation against these kind of attack.


WARNING:CONTENT FOR INFORMATIONAL USE ONLY

Read More

Recover Files & Folder Affected By NEW FOLDER VIRUS

When a computer gets affected by an NEW FOLDER virus,it will create an copy of virus porgram in the name of all the folders in the computer and hide the actual folder and its contents.So when we click a folder thinking to open the folder it actually executes the virus program.
When we use a anti-virus program it will be able to detect the virus and it will delete it,but the problem is that when virus is deleted we cannot get our folders of same name as virus back.
We can recover it by using a Linux based operationg system.This is possible because linux exectuable files are not exe files.
First we need to boot from linux and locate the folder to be recovered on hard disk.the on the directory containing folder there will be a file with same name as folder and with .lnk extension.delete it.
Now boot from windows and we will be able to see our folder back

For this purpose we can use a PUPPY Linux which is very small in size..


Hope Its useful!!!

Read More

Install Flash Player Without Administrator Rights

Adobe Flash player has become an important plug-in to be installed in order to view online videos and online games.Most of the schools and colleges provide students account without admin rights and its not possible for them to install flash player...
There is a method to overcome this problem...
This is how its done..
1.Download RARFile to your desktop.
2.Extract the archive using WinRAR/WinZIP/7ZIP.
The file can be extracted online from http://wobzip.org/ .

3.Take WindowsExplorer and paste  %APPDATA%\Mozilla\Plugins\

or alternatively take run and paste  %APPDATA%\Mozilla\Plugins\ .

4.Check whehter there is a folder named Plugins if yes browse inside that folder otherwise create

that folder.

5.Copy the content of the extracted rar file into Plugins folder.

6.Restart firefox and check out the plugins to find flash player installed..

Tested And Verified @ my engineering college..;)

If this works for you then please share it with your friends.

Read More