

Saturday, Aug 9th, 2008

SQL Injection - Is your site protected from it ? [Hacking]

A little while back we wrote about how to hack BSNL Dataone accounts (the National Internet Backbone) and how to protect your own account. Today we would like to discuss an exploit that is quite common on sites using SQL. The trick is called SQL Injection.

What is SQL Injection ?

SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution.

In other words:

“SQL Injection” is a subset of the unverified/unsanitized user input vulnerability (“buffer overflows” are a different subset), and the idea is to convince the application to run SQL code that was not intended.

Why SQL injection works ?

The reason SQL injection works is that, whereas most systems separate code and data, SQL combines them. All a hacker needs to do is include some of his own code with the data he sends to a website; he can then gain control of the website.

How to use it ?

Though there are many useful resources on the net, one of the simplest is given in the video below.

Need to know more about it ?

Try these:

SQL Injection Attacks by Example

How to exploit the SQL Injection Attack

Or simply Google

The purpose of the post is not to encourage hacking, but to get yourself equipped with knowledge to prevent your own site from such attacks. So beware of SQL INJECTION!

Tags: SQL Injection coding hacking system protect trick exploit