What is SQL Injection?
SQL injection is a common and well-known method of hacking at present. Using this method, an unauthorized person can access the database of a website. The attacker can get all the details from the database.
How It Works?
SQL injection inserts code into the query sent to the MySQL database, so that it gets past the site's login security.
What an attacker can do?
- Bypassing logins
- Accessing secret data
- Modifying contents of website
- Shutting down the MySQL server
SQL Injection List:
- Don't try this on .gov or .edu sites.
- Don't try this on sites that look really advanced.
- Try on sites that don't record false logins.
- Make sure it does not say "powered by" and then a company name, such as Pearson.
- Use a proxy if you think you might get caught.
http://www.fileserve.com/file/hwgs3UJ/SQL_Infection_Exploit.rar
Step By Step Tutorial:
Step 1: Finding a vulnerable website: Use the Google search engine. Vulnerable (hackable) websites can be found using a Google dork list.
Step 2: Search in Google:
Step 3: Copy the above command and paste it into the Google search box...
Step 4: Start from the first website. If you find a website ending with adminlogin.asp
Now enter the website...
Step 5: At the username type in "Admin" or "Administrator" and at the password type:
Tips: The first string is the most important one. Many times it will say login failed, but keep on trying with different strings...
Note: This technique will work only on poorly secured websites, not on every website.
How to protect your own websites from SQL injection?
Filter out characters like ' " - / \ ; NULL, etc. in all strings from:
- Input from users
- Parameters from URL
- Values from cookie
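The filter described above, applied to all three input sources, as an added example that is not part of the original page. It goes one step beyond the text by pairing the filter with a parameterized query, because a character filter on its own also rejects legitimate values such as the name O'Brien. The table, field names and sample values are constructed for illustration.

```python
import sqlite3

# Characters the page lists for filtering. Assumption: "NULL" means the NUL byte.
BLOCKED = set("'\"-/\\;\x00")

def find_blocked(value):
    """Return the sorted blocked characters that occur in value."""
    return sorted(set(value) & BLOCKED)

def screen_request(form, query, cookies):
    """Check user input, URL parameters and cookie values.
    Returns (source, field, blocked_chars) for every value that fails."""
    findings = []
    for source, fields in (("form", form), ("url", query), ("cookie", cookies)):
        for name, value in fields.items():
            bad = find_blocked(value)
            if bad:
                findings.append((source, name, bad))
    return findings

def make_db():
    """Constructed in-memory table standing in for a site's user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("admin", "hash-placeholder"))
    db.execute("INSERT INTO users VALUES (?, ?)", ("O'Brien", "hash-placeholder"))
    return db

def lookup_user(db, name):
    """Parameterized lookup: name is sent as a bound value, so quote
    characters in it never become part of the SQL statement text."""
    row = db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None
```

With the bound parameter in place, the filter becomes a logging and early-rejection layer rather than the only barrier, and fields that must accept quotes or hyphens can skip it safely.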