Tuesday, 1 March 2011

Hack an Website ? SQL Injection ? Very simple

Hack an Website ? SQL Injection ? Very simple



Are you looking for some useful tips to improve your web projects security? In this post I suggest you some interesting points about this topic.
Hacking is very interesting topic you can improve programming skill.
SQL Injection
SQL Injection like this






Login Java Code

String userid = request.getParameter(“userid”);
String password = request.getParameter(“password”);
Class.forName(“sun.jdbc.odbc.JdbcOdbcDriver”);
connection = DriverManager.getConnection(“jdbc:odbc:projectDB”);query = “SELECT * FROM Users WHERE user_id =’” + userid + “‘ AND password =’” + password +”‘”;

PreparedStatement ps = connection.prepareStatement(query);
ResultSet users = ps.executeQuery();
if(users.next()){
//some thing here
}
else{
}

Injection Works like this

query = “SELECT * FROM Users WHERE user_id =” OR 1=1; /* AND password =’*/–’”;
Login PHP Code;
Username = ‘ OR 1=1;//
Password = ….
$myusername=$_POST['usr'];
$mypassword=$_POST['pwd'];$sql=”SELECT * FROM users WHERE user=’$myusername’ and password=’$mypassword’”;

$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
//some code
}
else {
}

Injection Works like this

$sql=”SELECT * FROM users WHERE user=”OR 1 = 1;//’ and password=’….’”;
How to avoid these mistakes Use addSlashes() function adding slashes(/) to the string in java and php
//Java Code
addSlashes(String userid);// PHP Code
$myusername=addslashes($_POST['usr'];);

Hacker is intelligent than programmer. So always hide the file extension (eg: *.jsp,*.php,*.asp).
http://xyz.com/login.php to http://xyz.com/login
http://xyz.com/login to http://xyz.com/signin.do
In Java redirect this URL links using Web.xml file and inn php write .htaccess file in root directory.

1 comments: