Tuesday, 30 July 2013

Simple SQL Injection Techniques

10:48





SQL Injection Tips and Techniques


  • SQL Injection: When SQL code that is not hard-coded into a website is run on it, exploiting a security vulnerability in the database layer of the server application.
In this post I'll be explaining the use of simple SQL injections: injections that cause an immediate reaction.
  • General Example: A textbox that displays what was entered on the page
  • Specific Example: Submitting <?php DROP TABLE * ?> in an input text field that displays the value below it, causing the tables to be dropped and the website destroyed.
NOTE: Protecting against simple SQL injection is really easy, and almost every website is protected from an attack like this.


Uses of SQL Injection


Finding a SQL exploit in a website gives you full control of the website, allowing you to run any command, for example increasing a variable like Money on a certain Civics Mirror website. But the most common use of SQL injection is to gain information from the database, such as passwords, credit card data and even people's hidden agenda. Very few websites are so insecure as to let you hack right through their login systems unless they were programmed by a novice, but entering 1'or'1'='1 as the username and password will log in to the first user in the database if they were that novice or built their website in 1997 and haven't updated it since.


How To Protect From SQL Injection


When using MySQL, running the mysql_real_escape_string function on the string you are passing will clean the PHP out of it, rendering it safe. Another good way to prevent SQL exploits is to use the CLEAN function, which is available on all database types but may be disabled by your server provider. But the best way to avoid SQL injections is simply not to use variables from GET, POST or COOKIE methods that interface with a database.
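As an added example (not code from the original post), here is the login check described above written two ways: the concatenated query lets the 1'or'1'='1 input log in as the first user, while the prepared statement returns no row for it. It goes beyond the escaping functions named above by using bound parameters, and it assumes PHP's PDO with an in-memory SQLite database in place of MySQL; the table, the sample accounts and the function names login_concat and login_prepared are constructed for illustration.

```php
<?php
// Constructed demo data: an in-memory table with two sample accounts.
// Plaintext passwords are used only to keep the demonstration short.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)");
$pdo->exec("INSERT INTO users (name, password) VALUES ('admin', 's3cret'), ('bob', 'hunter2')");

// Vulnerable form: request values are pasted into the SQL text, so a quote in
// the input ends the string literal and the remainder is parsed as SQL.
function login_concat(PDO $pdo, string $user, string $pass)
{
    $sql = "SELECT name FROM users WHERE name = '$user' AND password = '$pass' "
         . "ORDER BY id LIMIT 1";
    return $pdo->query($sql)->fetchColumn();  // matched name, or false if no row
}

// Hardened form: the SQL text is fixed and the values are sent separately as
// bound parameters, so they are only ever compared as data.
function login_prepared(PDO $pdo, string $user, string $pass)
{
    $stmt = $pdo->prepare(
        "SELECT name FROM users WHERE name = ? AND password = ? ORDER BY id LIMIT 1"
    );
    $stmt->execute([$user, $pass]);
    return $stmt->fetchColumn();              // matched name, or false if no row
}

$payload = "1'or'1'='1";  // the input quoted in the post

// Same input against both forms, then a genuine login against the hardened one.
var_dump(login_concat($pdo, $payload, $payload));
var_dump(login_prepared($pdo, $payload, $payload));
var_dump(login_prepared($pdo, 'bob', 'hunter2'));
```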




