SQL injection


Insecure web application coding gives attackers unauthorized access to a website's database, and from there often to the surrounding network.

SQL injection definition

  • SQL injection is an attack on a web application. The attacker finds an input that the application copies into a database query and supplies text that the database interprets as SQL rather than as data. Depending on the query and the database, this can run arbitrary statements against the application's tables and extract valuable or private information from them.
  • Structured Query Language (SQL) is the nearly universal language of databases that allows the storage, manipulation and retrieval of data. Databases that use SQL include MS SQL Server, MySQL, Oracle, Access and FileMaker Pro, and all of them are equally subject to SQL injection when an application builds queries from untrusted input.
  • The point of an SQL injection attack is to compromise a database, which is an organized collection of data and supporting data structures. The data can include user names, passwords, text, etc.
  • Websites with contact forms, login forms, registration forms, support requests, and even the functions that deliver dynamic web page content are all susceptible to SQL injection, because the values a visitor types into these fields end up inside the SQL statements sent to the database. If the application inserts them into the statement text instead of passing them as separate parameters, the visitor controls part of the query.
SQL Injection Based on ""="" is Always True
The classic login bypass appends a condition such as OR ""="" (or OR ''='' on databases that use single-quoted string literals) to the WHERE clause of the login query. The comparison is true for every row, so the database returns a matching user even though no valid password was supplied.

Applications written in any server-side language, including ASP, ASP.NET, PHP, JSP and CGI scripts, can be vulnerable; the language is not the problem, building queries from unvalidated input is. The only equipment needed is a web browser. There are tools widely available online that semi-automate the search for injectable parameters, and there are many forums in which attackers share exploits and help each other overcome obstacles.

What can an attacker do?

  • Bypassing logins
  • Accessing secret data
  • Modifying the contents of the website
  • Shutting down the MySQL server (if the application's database account has the privilege to do so)
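The login bypass and the data extraction described above, as an added Python example that is not part of the original page. It uses Python's built-in sqlite3 module; the users table, the credentials and the payloads are all constructed for the demonstration. SQLite uses single-quoted string literals, so the always-true condition is written ' OR ''=' rather than "" = ""; the idea is the same.

```python
import sqlite3

# Constructed sample data for this demonstration; not from the original page.
SAMPLE_USERS = [
    ("admin", "S3cretAdminPw", "admin"),
    ("alice", "alicepw", "user"),
]


def build_demo_db():
    """Create an in-memory users table.

    Passwords are stored in plain text only to keep the demonstration short;
    a real application must store password hashes.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        SAMPLE_USERS,
    )
    conn.commit()
    return conn


def built_query(username, password):
    """Return the SQL text the vulnerable login builds by string concatenation.

    Whatever the visitor types is parsed by the database as part of the
    statement: a quote character ends the string literal and the rest of the
    input becomes SQL.
    """
    return (
        "SELECT username, role FROM users "
        "WHERE username = '" + username + "' AND password = '" + password + "'"
    )


def vulnerable_login(conn, username, password):
    """The injectable pattern: execute the concatenated query as-is."""
    return conn.execute(built_query(username, password)).fetchall()


# Login bypass: this password closes the literal and appends an always-true
# condition. AND binds tighter than OR, so the WHERE clause becomes
# (username = 'admin' AND password = '') OR ('' = ''), which matches every row.
BYPASS_PASSWORD = "' OR ''='"

# Data extraction: UNION appends the rows of a second query to the result and
# "--" comments out the rest of the original statement, i.e. the password check.
UNION_USERNAME = "x' UNION SELECT username, password FROM users -- "


if __name__ == "__main__":
    db = build_demo_db()
    print("normal login: ", vulnerable_login(db, "alice", "alicepw"))
    print("bypass query: ", built_query("admin", BYPASS_PASSWORD))
    print("bypass result:", vulnerable_login(db, "admin", BYPASS_PASSWORD))
    print("union result: ", vulnerable_login(db, UNION_USERNAME, "anything"))
```

Stacked queries (appending ; DROP TABLE users) are the route to "modifying contents" and "shutting down the server" on databases that allow several statements per request; sqlite3 refuses them in execute(), so they are not shown here.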

Hacking Activity: Use Havij for SQL Injection

We are going to use the Havij Advanced SQL Injection program to scan a website for vulnerabilities.

Note: your antivirus program will probably flag Havij, as it does most hacking tools. If you add it to the exclusions list or pause your antivirus, do so only inside an isolated lab virtual machine, and only scan systems you are authorized to test.

We will illustrate the SQL injection attack using SQL Fiddle. Open the URL http://sqlfiddle.com/#!2/3286e/1 in your web browser. You will get the following window.

How to Protect Your Website against SQL Injection Attacks

  • Error messages (validations): never show raw database errors to the visitor. Return a generic message and log the details server-side, because verbose errors tell an attacker which database and which query structure they are dealing with.
  • User input should never be trusted: validate every value (form fields, URL parameters, cookies, headers) against what the application expects before it goes anywhere near a query.
  • Prepared statements (parameterized queries): send the SQL text and the data values separately, so the database never parses user input as part of the statement. This is the primary defence.
  • Regular expressions: allow-list checks (for example, a user name limited to letters, digits and underscore) reject injection payloads before they reach the database. Use them in addition to, not instead of, prepared statements.
  • Database connection user access rights: connect the application with a least-privilege account that can only read and write the tables it needs, so that a successful injection cannot drop tables, read other schemas or shut the server down.
  • Stored procedures: they help only when they take parameters; a procedure that concatenates its arguments into dynamic SQL is just as injectable as application code that does the same.
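The defences in the list above applied to the login query, as an added Python example that is not part of the original page. It uses the sqlite3 module; the users table and credentials are constructed for the demonstration. SQLite has no user accounts, so a read-only connection stands in for the least-privilege database account the page recommends.

```python
import os
import re
import sqlite3
import tempfile

# Constructed sample data for this demonstration; not from the original page.
SAMPLE_USERS = [
    ("admin", "S3cretAdminPw", "admin"),
    ("alice", "alicepw", "user"),
]

# Allow-list for user names: letters, digits and underscore, 3 to 32 characters.
# Quotes, spaces and comment sequences used by injection payloads never match.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")


def validate_username(username):
    """Regular-expression validation: reject anything outside the allow-list."""
    return USERNAME_RE.fullmatch(username) is not None


def setup_demo_db():
    """Create the users table in a temporary file so the application can later
    open it read-only. Passwords are plain text only to keep the example short;
    a real application stores password hashes."""
    path = os.path.join(tempfile.mkdtemp(), "demo.db")
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        SAMPLE_USERS,
    )
    conn.commit()
    conn.close()
    return path


def open_app_connection(path):
    """Database access rights: the web application connects with the least
    privilege it needs. The read-only open (mode=ro) stands in for a database
    role that cannot modify tables."""
    return sqlite3.connect("file:" + path + "?mode=ro", uri=True)


def safe_login(conn, username, password):
    """Hardened login: allow-list validation, then a prepared statement.

    The SQL text contains only placeholders; the driver sends the values
    separately, so the database never parses user input as SQL. The payloads
    from the attack example are simply compared as literal strings and match
    nothing.
    """
    if not validate_username(username):
        return None
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


def change_role(conn, username, role):
    """Defence in depth: even a statement that reaches the database fails on
    the least-privilege connection. The raw error is logged, never shown."""
    try:
        conn.execute(
            "UPDATE users SET role = ? WHERE username = ?", (role, username)
        )
        conn.commit()
        return "updated"
    except sqlite3.OperationalError as exc:
        print("log only:", exc)  # e.g. "attempt to write a readonly database"
        return "request failed"  # generic message for the visitor


if __name__ == "__main__":
    db_path = setup_demo_db()
    app = open_app_connection(db_path)
    print("valid login:  ", safe_login(app, "admin", "S3cretAdminPw"))
    print("bypass tried: ", safe_login(app, "admin", "' OR ''='"))
    print("union tried:  ", safe_login(app, "x' UNION SELECT 1,2 -- ", "a"))
    print("write tried:  ", change_role(app, "alice", "admin"))
```

Stored procedures are not shown because SQLite has none; on MySQL or SQL Server the same rule applies to them as to safe_login above: pass values as parameters and never build the statement text from them.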
