Friday, 10 October 2014

 
 Hack a Website? SQL Injection? Very simple, by Konduru Jashwanth
 
Are you looking for some useful tips to improve the security of your web projects? In this post I suggest some interesting points about this topic.
Hacking is a very interesting topic, and studying it can improve your programming skills.
SQL Injection
SQL injection works like this:
 
 
Login Java Code

// Vulnerable login (needs import java.sql.*): request parameters are concatenated into the SQL text
String userid = request.getParameter("userid");
String password = request.getParameter("password");
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
Connection connection = DriverManager.getConnection("jdbc:odbc:projectDB");
String query = "SELECT * FROM Users WHERE user_id ='" + userid + "' AND password ='" + password + "'";
// prepareStatement() gives no protection here: the input is already part of the query string
PreparedStatement ps = connection.prepareStatement(query);
ResultSet users = ps.executeQuery();
if (users.next()) {
    // something here
} else {
}

The injection works like this:

query = "SELECT * FROM Users WHERE user_id ='' OR 1=1; /*' AND password ='*/--'";
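Login PHP Code
Input entered in the login form:
Username = ' OR 1=1;//
Password = ....
// Vulnerable login: POST values are interpolated directly into the SQL string
// (the mysql_* functions used here were removed in PHP 7)
$myusername = $_POST['usr'];
$mypassword = $_POST['pwd'];
$sql = "SELECT * FROM users WHERE user='$myusername' and password='$mypassword'";
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if ($count == 1) {
    // some code
} else {
}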

The injection works like this:

$sql = "SELECT * FROM users WHERE user='' OR 1 = 1;//' and password='....'";
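How to avoid these mistakes: use the addSlashes() function, which adds backslashes (\) to the string, in Java and PHP.
// Java code (addSlashes() is not part of the Java standard library; you have to supply it yourself)
userid = addSlashes(userid);
// PHP code
$myusername = addslashes($_POST['usr']);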
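
Added example, not code from the original post: the login query above built three ways against an in-memory SQLite database, with a constructed Users table and a constructed `' OR 1=1 --` input standing in for the post's payload. It is written in Python so it runs without a database server; it shows that backslash escaping in the style of addslashes() does not stop the bypass on SQLite, while bound parameters do.

```python
import sqlite3

# Constructed input: the post's OR 1=1 tautology, ending in a SQL line comment.
PAYLOAD = "' OR 1=1 --"

def make_db():
    """In-memory stand-in for the post's Users table (rows are constructed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (user_id TEXT PRIMARY KEY, password TEXT)")
    # Plaintext passwords mirror the post's schema; real systems store hashes.
    db.executemany("INSERT INTO Users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db

def add_slashes(value):
    """Approximation of PHP addslashes(): backslash-escapes backslash, ' and double quote."""
    for ch in ("\\", "'", '"'):
        value = value.replace(ch, "\\" + ch)
    return value

def login_concatenated(db, userid, password):
    """The post's pattern: user input is pasted into the SQL text."""
    query = ("SELECT * FROM Users WHERE user_id ='" + userid +
             "' AND password ='" + password + "'")
    return db.execute(query).fetchone() is not None

def login_escaped(db, userid, password):
    """Concatenation after add_slashes(). SQLite does not treat backslash as
    an escape character, so the quote still ends the string literal."""
    return login_concatenated(db, add_slashes(userid), add_slashes(password))

def login_parameterized(db, userid, password):
    """Bound parameters: the values are sent as data and never parsed as SQL."""
    query = "SELECT * FROM Users WHERE user_id = ? AND password = ?"
    return db.execute(query, (userid, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    for check in (login_concatenated, login_escaped, login_parameterized):
        print(check.__name__,
              "valid:", check(db, "alice", "s3cret"),
              "injected:", check(db, PAYLOAD, "x"))
```

In the post's Java code the equivalent change is to write `?` in place of each concatenated value and supply the values with ps.setString(1, userid) and ps.setString(2, password) before calling executeQuery().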
A hacker is more intelligent than a programmer, so always hide the file extension (e.g. *.jsp, *.php, *.asp).
http://xyz.com/login.php to http://xyz.com/login
http://xyz.com/login to http://xyz.com/signin.do
In Java, redirect these URLs using the web.xml file; in PHP, write a .htaccess file in the root directory.


Any queries? Comment or ping me.

Email: kondurujashwanth@instructor.net

8 comments:

  1. Thank you.....@admin

  2. Thank you so much for giving such a details.
    It is a nice post that contains the details of SQL commands.
    Good post. Great job.

  3. Good stuff man.. I'm about to learn something new. :D

    Regards,
    EJ

  5. I admit, I have not been on this web page in a long time... however, it was another joy to see. It is such an important topic and ignored by so many, even professionals. I thank you for helping make people more aware of possible issues.

  6. Very interesting blog. This will help a lot of users to update their knowledge. Thanks for sharing.





    Ankush Mohanty is a Security Researcher and Analyst with experience in various aspects of Information Security. Other than this, he is a Certified Ethical Hacker. All his efforts are to make the internet more secure.


    MyFreeCopyright.com Registered & Protected