Ethical Hacking Tutorials - What is SQL Injection Attack?
A SQL injection attack is a technique in which a malicious user injects SQL commands into an SQL statement through web page input. Injected SQL commands can alter SQL statements and compromise the security of web applications. Web applications use SQL to retrieve the data they display on a page.
The primary databases used in e-commerce today are Microsoft SQL Server and Oracle. Microsoft SQL Server is a great example of a database that grew too quickly, with little thought to security.
To secure your assets, you must understand the underlying technologies that handcuff your web application and, in some cases, predetermine their susceptibility to hacking.
Two of the most ubiquitous databases on the market today:
- Microsoft's SQL Server
- Oracle's Oracle 9i
Instead, Passwords use one of this String
'or 1=1 --
"or 1=1 --
'or 'a'-'a
"or "a"="a
') or ('a'='a
The simplest SQL injection attack technique is bypassing form-based logins.
Let's say that the login page contains the following code:
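' Build the query by concatenating the form fields into the SQL text (the vulnerable pattern)
SQLQuery = "SELECT Username FROM Users WHERE Username = '" & _
    strUsername & "' AND Password = '" & strPassword & "'"
' GetQueryResult is a placeholder name for the code that runs the query
' and returns the Username from the first matching row, or "" if there is none
strAuthCheck = GetQueryResult(SQLQuery)
If strAuthCheck = "" Then
    boolAuthenticated = False
Else
    boolAuthenticated = True
End If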
When a user submits a username and password, the query goes through the Users table to see if there is a row where the username and password match those supplied by the user.
If such a row is found, the username is stored in the variable strAuthCheck, which indicates that the user should be authenticated. If there is no row that the user-supplied data matches, strAuthCheck will be empty and the user will not be authenticated.
If strUsername and strPassword can contain any characters that you want, you can modify the actual SQL query structure so that a valid name will be returned by the query even if you do not know a valid username or password. How does this work?
Let's say a user fills out the login form like this:
Login: ' OR ''='
Password: ' OR ''='
This will give SQLQuery the following value:
SELECT Username FROM Users WHERE Username = '' OR ''='' AND Password = '' OR ''=''
Instead of comparing the user-supplied data with that present in the Users table, the query compares '' (nothing) to '' (nothing), which, of course, will always return true. (Please note that nothing is different from null.) Since all of the qualifying conditions in the WHERE clause are now met, the username from the first row in the table that is searched will be selected. This username will subsequently be passed to strAuthCheck,
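Added example (not code from the original tutorial): a Python sketch that uses the standard sqlite3 module in place of the ASP page and its database, running the concatenated login query described above next to a parameterized version of the same check. The sample rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory Users table like the one in the text."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (Username TEXT, Password TEXT)")
    db.executemany("INSERT INTO Users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db

def build_concatenated_query(username, password):
    """The pattern from the text: form input is pasted into the SQL text."""
    return ("SELECT Username FROM Users WHERE Username = '" + username +
            "' AND Password = '" + password + "'")

def login_concatenated(db, username, password):
    """Vulnerable check; the return value plays the role of strAuthCheck."""
    row = db.execute(build_concatenated_query(username, password)).fetchone()
    return row[0] if row else ""

def login_parameterized(db, username, password):
    """Hardened check: the SQL text is fixed and input is bound as data,
    so quote characters in the input cannot change the WHERE clause."""
    row = db.execute(
        "SELECT Username FROM Users WHERE Username = ? AND Password = ?",
        (username, password)).fetchone()
    return row[0] if row else ""

if __name__ == "__main__":
    db = make_db()
    form_value = "' OR ''='"  # the form input quoted in the text
    # AND binds tighter than OR, so the trailing  OR ''=''  alone makes
    # the whole WHERE clause true for every row.
    print(build_concatenated_query(form_value, form_value))
    print("concatenated :", repr(login_concatenated(db, form_value, form_value)))
    print("parameterized:", repr(login_parameterized(db, form_value, form_value)))
    print("valid login  :", repr(login_parameterized(db, "alice", "s3cret")))
```

With bound parameters the form input is compared literally against the Username and Password columns, so only a real username and password pair returns a row.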