SQL injection

MySQL

Insecure coding in web applications lets attackers gain unauthorised access to website databases, and from there to the networks behind them.

SQL injection definition

  • SQL injection is a type of attack on a website. The attacker looks for places where the application builds SQL queries from user-supplied input and injects SQL of their own, which runs against the application's database tables and can modify them or extract valuable or private data.
  • Structured Query Language (SQL) is the nearly universal language of databases, used to store, manipulate and retrieve data. Databases that use SQL include MS SQL Server, MySQL, Oracle, Access and FileMaker Pro, and all of them can be targeted by SQL injection.
  • The point of an SQL injection attack is to compromise a database, which is an organised collection of data and supporting data structures. The data can include user names, passwords, text and so on.
  • Contact forms, login forms, registration forms, support requests and even the functions that deliver dynamic page content are all susceptible, because the values a visitor types into those fields end up inside the SQL statements the application sends to the database. If the application joins the input into the query as a string instead of passing it as a parameter, characters such as a single quote let the attacker end the intended value and append commands of their own.

Applications written in any dynamic language, including ASP, ASP.NET, PHP, JSP and CGI scripts, can be vulnerable; the weakness is in how the query is built, not in the language. The only equipment needed is a web browser. Tools are widely available online that semi-automate the search for injectable parameters, and there are many forums in which attackers share exploits and help each other overcome obstacles. What can an attacker do?

  • Bypassing logins
  • Accessing secret data
  • Modifying the contents of the website
  • Shutting down the MySQL server (if the database account the application connects with holds the SHUTDOWN privilege)

Hacking Activity: Use Havij for SQL Injection

In this activity we use the Havij Advanced SQL Injection program to scan a website for vulnerabilities.

Note: your anti-virus program will probably flag Havij, because it is an attack tool. Rather than pausing anti-virus on your workstation, run it in an isolated lab virtual machine with nothing else of value on it, and only against systems you are authorised to test; cracked copies circulating online have been found bundled with malware, so the warning is not necessarily a false positive.
We will illustrate an SQL injection attack using SQL Fiddle. Open the URL http://sqlfiddle.com/#!2/3286e/1 in your web browser; the SQL Fiddle window will load (screenshot not reproduced here).

How to Protect Our Website Against SQL Injection Attacks

  • Generic error messages: never return raw database errors to the visitor, since they reveal table and column names that guide an attacker.
  • User input should never be trusted; validate it on the server, not only in the browser.
  • Prepared statements (parameterised queries): the query text is fixed and the user's value is sent separately, so it can never be interpreted as SQL.
  • Regular expressions: allow-list validation of fields with a known shape, such as usernames, numeric IDs and e-mail addresses.
  • Database connection user access rights: connect with an account that has only the privileges the application needs (no DROP, FILE or SHUTDOWN), so a successful injection is limited in what it can do.
  • Stored procedures, provided they do not build dynamic SQL from their arguments internally.
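To make the list concrete, here is an added example (not code from the original page) that runs the login bypass and data extraction attacks listed earlier against a deliberately vulnerable login function, and then feeds the same inputs to a hardened version that uses prepared statements and a regular-expression allow-list. It uses Python's built-in sqlite3 module with a constructed in-memory database in place of MySQL; the table names, columns, rows, payloads and the regular expression are all assumptions made for this example.

```python
import re
import sqlite3

# Constructed sample data: an in-memory SQLite database standing in for the
# site's MySQL tables. Table and column names are assumptions for this example.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (
            id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT);
        INSERT INTO users VALUES (1, 'admin', 'S3cretAdminPw!', 'admin');
        INSERT INTO users VALUES (2, 'alice', 'alicepw', 'user');
        CREATE TABLE credit_cards (id INTEGER PRIMARY KEY, owner TEXT, number TEXT);
        INSERT INTO credit_cards VALUES (1, 'alice', '4111111111111111');
        """
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """The weak pattern: the query is assembled by string concatenation, so
    whatever the visitor types becomes part of the SQL statement itself.
    (Passwords are stored in clear text only to keep the example short.)"""
    sql = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone()  # (username, role) or None


# Allow-list for usernames: letters, digits and underscore, 3 to 32 characters.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """The hardened pattern: validate the username against an allow-list, then
    send the query text and the values separately as a prepared statement.
    The database receives '?' placeholders and binds the values to them, so a
    quote or comment marker in the input is just data, never SQL."""
    if not USERNAME_RE.fullmatch(username):
        return None  # generic failure; do not echo the input or a DB error
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()


# Three classic payloads, matching the attacks listed earlier on the page.
PAYLOADS = {
    # Comment out the password check: ... WHERE username = 'admin'-- ...
    "login bypass (comment)": ("admin'-- ", "wrong"),
    # Make the WHERE clause always true.
    "login bypass (tautology)": ("' OR '1'='1", "' OR '1'='1"),
    # Pull rows from an unrelated table into the login query's result set.
    "data extraction (UNION)": ("' UNION SELECT owner, number FROM credit_cards-- ", "x"),
}


def run_demo() -> dict:
    """Runs every payload against both login functions and returns the row
    each one produced, keyed by payload name."""
    results = {}
    for name, (user, pw) in PAYLOADS.items():
        results[name] = {
            "vulnerable": login_vulnerable(build_db(), user, pw),
            "safe": login_safe(build_db(), user, pw),
        }
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}:")
        print(f"  concatenated query -> {outcome['vulnerable']}")
        print(f"  prepared statement -> {outcome['safe']}")
    # A legitimate login still works through the safe function.
    print("legit login ->", login_safe(build_db(), "admin", "S3cretAdminPw!"))
```

Run it stand-alone to see each payload succeed against the concatenated query (the comment and tautology payloads log in as admin without the password, the UNION payload returns a credit card number) and fail against the prepared statement. With a MySQL driver such as mysql-connector-python or PyMySQL the placeholder is %s rather than ?, but the principle is identical: the statement and the values travel separately. Validation alone is not a substitute; a username or numeric ID can be checked by regex, but a free-text field such as a comment body still has to go through a parameterised query.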
