Results 1 to 4 of 4

Thread: Sql Injection

  1. #1

    Sql Injection


    This Is My Tutorial Over "SQL INJECTION" , Hope It Would Help Out Many Out Here.

    Basically SQL INJECTION Is A Attack Over Weak Programming And Can Affect Major Over The Databases.

    No Lets Jump Out Here:

    Consider a Form As Shown below,

    The Form Accepts a Username and Password.It Would then Probably Query a database to retrieve some information
    Let Us Say that this is a bank database and, hypothetically,it has a table user_id with following
    structure shown below:

    Username Password AccountNumber

    The Account number is used for all transactions, and will be retrived from the table when the user
    ebters his username and password.This Would Most Likely be Done By a query Like ...

    Select account_number from user_id where
    username='spechacker' and password='jamesbond'

    Bit What Happens if the user enters his name as spechacker' instead of spechacker??? The Query Now Becomes...

    Select account_number from user_id where
    username='spechacker'' and password='jamesbond'

    This Is an Error And So the Database Server Will Return An Error.This Could Be Something Similar
    to What's Shown Below:

    Native Error Code:1756

    Now From Above We Come Here to state an information....

    * We Know that we can managle the query at our will

    * We Know the database at the back-end.In this Case It Is Oracle.

    Now What If We Entered Our Password As jamesbond' OR 'b' = 'b? The Query Becomes......

    Selecr account_number from user_id where
    username='spechacker' and passwords= 'jamesbond' OR 'b'='b'

    This Is a Valid SQL query. Further, It Will always yield True Since 'b'='b' always Yields True.
    Hence This will Result In an Overall true.This Means that You Could Type any password and log in

    Moving On To Other Possibilities

    We Have Seen That Quating Can Wreak All Sorts Of Havoc in the authentication scheme.Another Offending string is the '-'

    This Is USed As A Comment In SQL.Now,What If We Entered Our Username As spechacker;-?

    The Query Would Be...

    Select account_number from user_id where
    username=spechacker'- and password='jamesbond'

    As You Can See The Entire 'where' clause has been eliminated.In short, no password check is performed!

    Furthermore,the ';'(semicolon) character is used in SQL to seperate two queries.While Some Databases

    Ignore This Such as Oralce , Others Such As MS SQL2000 And MYSQL Use it.This is by Far the Most Dangerous.By this the

    attacker has access to your databases.

    A Query Such As..

    Select account_number from user_id where username='spechacker';
    update balance_table set balance_amnt=87497824 where
    user='spechacker'--' and password='jamesbond'

    Can Easily Formed By Entering A Username.

    spechacker';update balance_table set balance_amnt=87497824 where user='spechacker'--

    If The User Were to USe Some Dangerous Query Like Drop Table,You Could be in Real Trouble!

    Many Databases Have Commands tht are used to execute Shell Commands.Some Like PostgreSQL,Have
    XP_shellexec that can compromise the entire system by running programs such as FTP to get Trojan

    How To Prevent This Attack ............

    1. Escape/Filter Special Characters whereever not required.
    Ensure that characters such as' ,;()- are dealt with properly.

    2. Run the Web Application as the database User with the least Possible privileges.

    3. Run The Web Application as An Operating System User with the Least +ve Privileges.

    4. Limit the field lengths.No One Will Enter an 80-Character username.

    Let us Prevent This Attack And Provide More Security To The Web.


    Hope This Tutorial Will Surely Help EveryOne In This Board.


    SpecHackers Team!

  2. #2
    Senior Member
    Join Date
    Feb 2002
    ... please go away.
    I cant neg you hard enough. THis is how to hack, AND how to prevent it, it should be how to PREVENT it... now whoever dont know how, at least knows a way, if not where to start looking...
    Remember -
    The ark was built by amatures...
    The Titanic was built by professionals.

  3. #3
    Join Date
    Jul 2002
    Actually the post doesn't bother me its more about who its comeing from. Didn't you guys already steal a few tutorials from my fellow AOers? I wouldn't be surprised if this were the case here...

    ok ok ok so anyways... if I remember correctly you also spamed us. Then you complained when another guy did the exact same crap on your board. Then when I confronted you about it right on your own board you deleted all posts containing comments about how you spamed us then took tutorials from this site. You guys also keep re-doing your site in a lame attemt to cover-up old content proveing how lame you are. Well now your in one of my favorite hangouts.

    Avenger_jcc, continue the bitch slaping on this ugly and stupid *******. We'll go shooting awhile later.

  4. #4
    HeadShot Master N1nja Cybr1d's Avatar
    Join Date
    Jul 2003
    Boston, MA
    ROFL i can't believe the spec morons are still up to this.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts