Tuesday, March 27, 2007

What is SQL injection?

Definition: SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. ~Wiki

Hi all, want to hack some web databases which are located in different locations?? Yeahhhh you can do it!! I have already tried and it's really fun. I am not going to tell you the sites that I have tried, but you could find more...
All you have to do is block all JavaScript in your browser. You can easily do it with the Firefox web browser. In order to do that with Firefox you have to download a plugin called Web Developer 1.1.3 and install it on your browser.

The Web Developer extension adds a menu and a toolbar to the browser with various web developer tools. It is designed for Firefox, Flock, Mozilla and Seamonkey, and will run on any platform that these browsers support including Windows, Mac OS X and Linux.
Several websites do their input validation using client-side scripting.
For example, you want to retrieve an invoice number from a particular website.
So the site allows you to enter only numbers (integers) and will also retrieve only one record at a time.

So what will happen if you disable client scripts? If there isn't any server-side validation, you have full privilege to enter anything in that field in order to process data.

So why don't you take full advantage of it?
If the website's data processing is done using SQL statements,
why don't you enter some SQL statements in that field and see what will happen?
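Seen from the server's side, as an added example that is not part of the original post: the lookup below contrasts a handler that relies on the browser's check with one that repeats the integer check on the server and binds the value as a query parameter. The `invoices` table, the function names and the sample rows are constructed for illustration, using Python's built-in `sqlite3` module.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory invoices table (sample data, not from the post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, customer TEXT, total REAL)")
    conn.executemany(
        "INSERT INTO invoices VALUES (?, ?, ?)",
        [(1, "alice", 120.0), (2, "bob", 75.5), (3, "carol", 310.0)],
    )
    return conn

def lookup_unsafe(conn, raw):
    """Trusts the browser-side check: the field text becomes part of the SQL itself."""
    query = "SELECT id, customer, total FROM invoices WHERE id = " + raw
    return conn.execute(query).fetchall()

def lookup_safe(conn, raw):
    """Repeats the integer check on the server, then binds the value as a parameter."""
    text = raw.strip()
    if not (text.isascii() and text.isdigit()) or len(text) > 9:
        raise ValueError("invoice number must be a positive integer")
    return conn.execute(
        "SELECT id, customer, total FROM invoices WHERE id = ?", (int(text),)
    ).fetchall()

if __name__ == "__main__":
    db = make_db()
    field = "1 OR 1=1"  # constructed input that a client-side script would have blocked
    print("unsafe handler returned", len(lookup_unsafe(db, field)), "rows")
    try:
        lookup_safe(db, field)
    except ValueError as exc:
        print("safe handler rejected input:", exc)
    print("safe handler:", lookup_safe(db, "2"))
```

The "one record at a time" rule only holds in the second handler, because it is enforced where the query is built rather than in the page's script.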

That's all I have to say on this. I guess you got my points.
ha ha!! All the best!

But keep in mind that if you do something like that, the site will easily track your IP address and locate you. So don't be afraid, use an anonymous proxy browsing site that I have mentioned below in order to hide your IP and your funny face!! :-)

Some Useful Links:
http://ferruh.mavituna.com/makale/sql-injection-cheatsheet/
http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf
http://www.ngssoftware.com/papers/advanced_sql_injection.pdf
http://www.imperva.com/application_defense_center/glossary/sql_injection.html