PC Support

Tuesday, 12 June 2012

SQL Injection-Basic Command

Posted on 01:10 by Unknown
SQL injection is a technique often used to attack databases through a website.
It is a code injection technique that exploits a security vulnerability in a website's software.
SQL commands are thereby injected from the website into the database at the back end.
Consider an SQL relation account(name, passwd, balance). The PHP code on the website reads the username and password and assigns them to the variables $n and $p respectively.
The SQL query will be

SELECT balance FROM account
WHERE name='$n' AND passwd='$p';
This works for normal user input.
Suppose the user enters $n = adarsh' --
In SQL, -- starts a comment, so the rest of the line is ignored.
The SQL query will be

SELECT balance FROM account
WHERE name='adarsh' --' AND passwd='$p';
The query is equivalent to

SELECT balance FROM account
WHERE name='adarsh'

Hence an attacker is able to access a user's row in the account relation using only the username.

This can be used to log in to a user's database account without the password.
On the login page, provide a valid username and, for the password: anything 'or'x'='x
This will work if the site administrator has not taken the necessary precautions against this kind of attack.
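
The lookup above, built once by string concatenation and once with bound parameters, fed the two inputs from this post. This is an added example, not code from the original post; it assumes Python with an in-memory SQLite database in place of the PHP site, and the table row and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data for the account(name, passwd, balance) relation."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE account (name TEXT, passwd TEXT, balance INTEGER)")
    db.execute("INSERT INTO account VALUES ('adarsh', 's3cret', 500)")
    db.commit()
    return db

def balance_concat(db, n, p):
    """Vulnerable: user input is pasted into the SQL text, as in the query above."""
    sql = "SELECT balance FROM account WHERE name='" + n + "' AND passwd='" + p + "';"
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def balance_param(db, n, p):
    """Hardened: placeholders keep input as data, so quotes and -- have no SQL meaning."""
    sql = "SELECT balance FROM account WHERE name=? AND passwd=?"
    row = db.execute(sql, (n, p)).fetchone()
    return row[0] if row else None

def compare(db):
    """Run each input through both versions; returns {label: (concatenated, parameterized)}."""
    cases = {
        "correct login": ("adarsh", "s3cret"),
        "wrong password": ("adarsh", "guess"),
        "comment in name": ("adarsh' -- ", "guess"),
        "always-true password": ("adarsh", "anything 'or'x'='x"),
    }
    return {label: (balance_concat(db, n, p), balance_param(db, n, p))
            for label, (n, p) in cases.items()}

if __name__ == "__main__":
    for label, (vuln, safe) in compare(make_db()).items():
        print(f"{label:22} concatenated={vuln!r:6} parameterized={safe!r}")
```

The parameterized version returns a balance only for the correct login. In PHP the same fix is a prepared statement with bound parameters (PDO or mysqli).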


WARNING:CONTENT FOR INFORMATIONAL USE ONLY


Posted in SQL INJECTION | No comments