SQL injections

what is SQL Injection?

SQL injection is defined as a technique that takes advantage of non-validated input vulnerabilities and inject SQL commands through a web application that are executed in a back-end database. Programmers use sequential SQL command with client supplied parameters making it easier for attackers to inject commands. Attackers can easily execute random SQL queries on the database server through a web application.


how does it work?

While performing SQL injection, attackers look for pages which allows the submission of data to the backend database, such pages are login page, search page, feedback page, registration page.
Attackers use simple test to find vulnearabilities by simply passing single quotation mark in fields.

how to retrieve any data?

To check for input vulnerabilities, use single quotes. For e.g type in use name text box ' OR 1=1--
this can be used in input box or even in the URL of the web page.
If there is a match, it will login without valid username and password.
Followings are few more inputs attakers may try
  • ' OR 1=1--
  • " OR 1=1--
  • ' OR 'a'='a
  • " OR 'a'='a
  • ') OR ('a'='a


SQL injection tools
  • SQLDict
  • SQLExec
  • sqlbf
  • SQLSMack
  • SQL2.exe
  • SQlPoke
  • NGSSQLCrack
  • SQLPing
  • sqlmap
  • sqlninja
  • SQLIer

Preventing sql injection attacks

  1. Never trust the input of users: check the text box entires by using the validation controls, regular expressions, code etc
  2. Never use dynamic SQL
  3. Do not connect to a database using an root level account, use a limited access account.
  4. Do not reveal much information in error messages.

Comments

Post a Comment

Popular posts from this blog

Detecting user's screen size and resolution

If you're developing a site, you should carefully consider how your web pages appear on different kinds of screens. Today people access website on devices with different types of screens, you should account for some factors that affect the way your web pages appear on these devices. Javascript one simple way is to identify the screen width with the help of javascript and then render the webpage accordingly. Following is sample code to identify screen width and set it in cookie. <?php if(isset($_COOKIE["device_resolution"])) $screen_res = $_COOKIE["device_resolution"]; else //cookie is not found set it using Javascript { ?> <? } echo "Your screen resolution is set at ". $screen_res; ?> PHP With php, it is very easy to identify device using $_SERVER['HTTP_USER_AGENT']. Usining strpos() function find position of first occurrence of a string. <?php $iphone = strpos($_SERVER['HTTP_USER_AGENT'],"iPho...
Read more

autoload class

The __autoload() magic function is used to dynamically load classes. Whenever PHP encounters a non-existent class, it will first call the __autoload() function, and only then declare an error. This can be used to load classes on-the-fly. error_reporting (E_ALL); if (version_compare(phpversion(), '5.1.0', '<') == true) { die ('PHP5.1 Only'); } // Constants: define ('DIRSEP', DIRECTORY_SEPARATOR); // Get site path $site_path = realpath(dirname(__FILE__) . DIRSEP . '..' . DIRSEP) . DIRSEP; define ('site_path', $site_path); $registry = new Registry; // Set some data $registry->set ('name', 'Don'); // Get data, using get() echo $registry->get ('name'); // Get data, using array access echo $registry['name'] function __autoload($className) { // Assume that all class files are located in the same dir and subdirs $fname = str_replace('::', DIRECTORY_SEPARATOR, $className) . '.php...
Read more

MySql Slow Queries

MySQL has a slow query log which can be enabled if you want to identify the queries that are causing problems for a website or application. Checking slow queries is one of the most important steps in optimizing and tuning mysql. This article shows how to identify those 'slow queries' that need special attention and proper optimization. First let’s check on the server if slow query logging is enabled on MySql. On Windows cd c:\xampp\mysql\bin bin>mysqladmin var | find "log_slow_queries" On linux bin>mysqladmin var |grep log_slow_queries Enable the slow query log MySQL prior to 5.1.0 requires a change to the MySQL my.cnf file and a restart in order to log slow queries. From MySQL 5.1.0 you can apparantly change this dynamically without having to restart. Too make the change permanent, you could add the following lines under the [mysqld] section of your my.ini or my.cnf configuration file: >vi /etc/my.cnf [mysqld] # Activate the Slow Q...
Read more