After a long time, I thought I should write something on the blog. Today we will talk about SQL Injection.
SQL Injection is an old but still useful web hacking technique. As the name implies, it involves injecting malicious SQL code into the database through a user input field that a website provides to us.
It can be used not only to gain access to the site through the login mechanism, but also to read, modify and destroy the data in the database.
For example, let's take a simple website with a user login. It has two input fields, one for the username and one for the password. When we submit them, the back end runs a SQL query to check whether the username and password are correct. If they match a row in the database, the query returns a result (True) and we get access to the site; if the username or password does not match, no row is returned (False) and the site tells us we cannot log in. That is the whole story behind the scenes.
So the attacker tries to make the result True somehow by injecting SQL code through the input field.
This is how it happens. The back end runs a query like this:
SELECT * FROM users WHERE user_name='$user_name' AND password='$password'
This query checks whether the matching row is present in the database. The username and password that we type into the login form are placed into $user_name and $password.
That means these two places are the only parts of the query we can change through our input.
Now suppose we type ' OR 1=1 # in the username field. When it is substituted into $user_name, the query becomes:
SELECT * FROM users WHERE user_name='' OR 1=1 #' AND password='$password'
That is how it comes out. Let's see what has happened. The single quote we sent closes the string early, so the username is now an empty string: user_name=''. Then there is an OR, and we know an OR is True if only one side is True.
1=1 is always True, so the whole condition is always True. Because of the # symbol that follows, everything after it (including the password check) is treated as a comment and ignored. So the query matches every row, the check succeeds, and the attacker gets access to the site.
Most new websites have this blocked: they validate all user input properly and use safe database queries. But on some websites it may still work. Trying these things on sites you do not own is illegal; this article is only for educational purposes. Do not get into trouble by doing these things. If you want to try it, just make a simple page on your personal server or localhost to test.
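To see the mechanism and the fix side by side on your own machine, here is an added example (not code from the original post) that builds the same login check two ways against an in-memory SQLite database with one constructed user. The vulnerable version glues the input into the SQL text exactly like the $user_name/$password query above; the safe version passes the values as query parameters, so a quote or comment marker in the input is never interpreted as SQL. The payload uses -- instead of # because SQLite only recognises -- as a line comment (the # form is MySQL syntax).

```python
import sqlite3


def make_db():
    """Constructed test database: one user with a known password (example data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def render_vulnerable_query(user_name, password):
    """Build the SQL text by string interpolation, like the $user_name/$password query.

    Returned so you can see exactly what the database will parse.
    """
    return (f"SELECT * FROM users WHERE user_name='{user_name}' "
            f"AND password='{password}'")


def login_vulnerable(conn, user_name, password):
    """Login check where user input becomes part of the SQL statement."""
    query = render_vulnerable_query(user_name, password)
    return conn.execute(query).fetchone() is not None


def login_safe(conn, user_name, password):
    """Parameterised login check: values travel separately from the SQL text.

    The driver binds the two values to the ? placeholders; they are compared as
    data and can never close a string or start a comment.
    """
    query = "SELECT * FROM users WHERE user_name=? AND password=?"
    return conn.execute(query, (user_name, password)).fetchone() is not None


def demo():
    """Run both versions against a normal login and the injected username."""
    conn = make_db()
    injected_user = "' OR 1=1 --"   # SQLite line comment; # would be used on MySQL
    return {
        "normal_login_vulnerable": login_vulnerable(conn, "alice", "correct-horse"),
        "normal_login_safe": login_safe(conn, "alice", "correct-horse"),
        "injected_vulnerable": login_vulnerable(conn, injected_user, "anything"),
        "injected_safe": login_safe(conn, injected_user, "anything"),
        "rendered_query": render_vulnerable_query(injected_user, "anything"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running it shows the vulnerable function returning True for the injected username with a made-up password, while the parameterised function returns False because it is looking for a user literally named ' OR 1=1 --. Real applications should also store password hashes rather than plaintext; the example keeps the post's plain comparison only to mirror its query.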
See you in another article soon!