Friday, 10 October 2014

Hack a Website? SQL Injection? Very Simple, by Konduru Jashwanth
Are you looking for some useful tips to improve your web projects' security? In this post I suggest some interesting points about this topic.
Hacking is a very interesting topic, and through it you can improve your programming skills.

SQL Injection

SQL injection looks like this:
 
 
Login Java Code

import java.sql.*;

// Vulnerable: the request parameters are spliced straight into the SQL text.
String userid = request.getParameter("userid");
String password = request.getParameter("password");
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
Connection connection = DriverManager.getConnection("jdbc:odbc:projectDB");
String query = "SELECT * FROM Users WHERE user_id ='" + userid + "' AND password ='" + password + "'";
// PreparedStatement gives no protection here: the values are already part of the query string.
PreparedStatement ps = connection.prepareStatement(query);
ResultSet users = ps.executeQuery();
if (users.next()) {
    // login succeeded: some thing here
} else {
    // login failed
}

Injection works like this (userid = ' OR 1=1; /* and password = */-- make the query):

query = "SELECT * FROM Users WHERE user_id ='' OR 1=1; /*' AND password ='*/--'";
Login PHP Code

Username = ' OR 1=1;//
Password = ....

<?php
// Vulnerable: the POST values are interpolated straight into the SQL string.
$myusername = $_POST['usr'];
$mypassword = $_POST['pwd'];
$sql = "SELECT * FROM users WHERE user='$myusername' and password='$mypassword'";
$result = mysql_query($sql);        // mysql_* functions were removed in PHP 7
$count = mysql_num_rows($result);
if ($count == 1) {
    // some code: login succeeded
} else {
    // login failed
}
?>

Injection works like this:

$sql = "SELECT * FROM users WHERE user='' OR 1 = 1;//' and password='....'";
How to avoid these mistakes

Use the addslashes() function, which escapes the quote characters in the string with a backslash, in Java and PHP:

// Java Code (addSlashes is not part of the JDK; it stands for a helper you write yourself)
userid = addSlashes(userid);

// PHP Code
$myusername = addslashes($_POST['usr']);
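The following is an added example, not code from the post. It restates the post's two login snippets and its addslashes() fix in Python with an in-memory SQLite database so the whole thing runs stand-alone; make_db(), the two sample users and PAYLOAD are constructed for the demonstration. The payload is the post's ' OR 1=1 pattern without the statement terminator, because Python's sqlite3 executes one statement per call. It shows four things with the same injected input: the concatenated query matches every row; the addslashes-style fix uses MySQL's backslash convention, so on SQLite (which escapes a quote by doubling it) the same input still matches every row; escaping in SQLite's own dialect does stop it; and a parameterised query stops it without any dialect-specific escaping, which is why it is the portable fix.

```python
import sqlite3

# Constructed stand-in for the post's Users table, held in memory.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn

# The post's input: the quote closes the user_id literal, OR 1=1 makes the
# predicate true for every row, and the comment marker swallows the rest.
PAYLOAD = "' OR 1=1 --"

def login_vulnerable(conn, userid, password):
    """Same shape as the Java/PHP on the page: values spliced into SQL text."""
    query = ("SELECT * FROM users WHERE user_id ='" + userid +
             "' AND password ='" + password + "'")
    return conn.execute(query).fetchall()

def add_slashes(s):
    """Python rendering of PHP's addslashes(): backslash before ', ", \\ and NUL."""
    return (s.replace("\\", "\\\\").replace("'", "\\'")
             .replace('"', '\\"').replace("\0", "\\0"))

def login_addslashes(conn, userid, password):
    """The post's fix: escape the inputs, then concatenate exactly as before.
    SQLite does not treat backslash as an escape, so '\\'' is the one-character
    string '\\' and the rest of the payload is still live SQL."""
    return login_vulnerable(conn, add_slashes(userid), add_slashes(password))

def login_quote_doubled(conn, userid, password):
    """Escaping in SQLite's own dialect: a quote inside a literal is written ''."""
    return login_vulnerable(conn, userid.replace("'", "''"),
                            password.replace("'", "''"))

def login_parameterized(conn, userid, password):
    """Hardened form: placeholders, so the driver never splices values into SQL."""
    query = "SELECT * FROM users WHERE user_id = ? AND password = ?"
    return conn.execute(query, (userid, password)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    for name, fn in [("concatenated", login_vulnerable),
                     ("addslashes", login_addslashes),
                     ("quote-doubled", login_quote_doubled),
                     ("parameterized", login_parameterized)]:
        rows = fn(conn, PAYLOAD, "wrong")
        print(f"{name:14s} rows returned for injected user_id: {len(rows)}")
```

Run it and the concatenated and addslashes variants each return both users for a user_id nobody has, while the quote-doubled and parameterised variants return none; a correct login such as ("alice", "s3cret") returns one row through every variant. The lesson is that escaping only works when it matches the database's quoting rules, whereas placeholders hand the values to the driver separately from the SQL text.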
Hackers are more intelligent than programmers. So always hide the file extension (e.g. *.jsp, *.php, *.asp):

http://xyz.com/login.php to http://xyz.com/login
http://xyz.com/login to http://xyz.com/signin.do

In Java, map these URLs using the web.xml file; in PHP, write a .htaccess file in the root directory.


Any queries? Comment or ping me.

Email: kondurujashwanth@instructor.net

6 comments:

  1. Thank you.....@admin

  2. Thank you so much for giving such details.
    It is a nice post that contains the details of SQL commands.
    Good post. Great job.

  3. Good stuff man.. I'm about to learn something new. :D

    BTW I would like to invite all of you guys to this one-of-a-kind bitcoin opportunity.

    Visit us here: https://goo.gl/Fkk84q

    Regards,
    EJ

  4. I want to sincerely and openly thank blackhatservers@gmail.com for her service... She saved me from the infidelity and lies of my cheating husband. She was able to hack his phone so I could listen to every call he either makes or receives, email passwords and Facebook... I know there are lots of people out there looking for proof and evidence about one thing or the other. Be open and real with her so she can be at the best of her service to you. Do contact her by email at blackhatservers@gmail.com

  5. I admit, I have not been on this web page in a long time... however it was another joy to see. It is such an important topic and ignored by so many, even professionals. I thank you for helping to make people more aware of possible issues. website improve




    Ankush Mohanty is a Security Researcher and Analyst, with experience in various aspects of Information Security. Other than this he is a Certified Ethical Hacker. All his efforts are to make the internet more secure.


    MyFreeCopyright.com Registered & Protected