
How To Stop SQL Injection On Your Website


Website hacking is always a hot topic among hackers; a few days ago I showed you, with screenshots, how to hack a website through SQL injection.

To read that earlier post, click here.



Today's post is about how to secure your site against SQL injection attacks, because website security is essential to keep your database out of the hands of unauthorised users.

If your site is vulnerable to SQL injection, an attacker can go to the login page, enter the administrator's username, and type or paste something like this into the password field:

x' or '1'='1

If the site is vulnerable, the login succeeds and the attacker can change all the settings. But how does this work? If you are able to log in, the server-side code looks something like this:

// Vulnerable: the user-supplied values are concatenated straight into the query.
$sql = "SELECT * FROM users" .
       " WHERE username='" . $username . "'" .
       " AND password='" . $password . "'";

With the payload above, the query your code sends becomes...

SELECT * FROM users WHERE username='admin' AND password='x' or '1'='1'

Here x' or '1'='1 has injected an extra condition into the WHERE clause that is always true, so the query returns a row containing a user's details.

If only one user is defined in the database, that user's details are always returned; if there are several users, one of them is returned, effectively at random.




How to protect your website against defacement?

How do you fix this hole in your website? It isn't difficult, and there are many ways to do it. If you work with MySQL, you can simply escape the input with the
mysql_escape_string()
or
mysql_real_escape_string() function, for example...

// Escape quotes and other special characters in the user-supplied values first.
// Note: the mysql_* extension was removed in PHP 7; prepared statements are the modern equivalent.
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql = "SELECT * FROM users" .
       " WHERE username='" . $username . "'" .
       " AND password='" . $password . "'";

Now the same payload produces...

SELECT * FROM users WHERE username='admin' AND password='x\' or \'1\'=\'1'

The backslashes (\) make the database treat each quote as an ordinary character rather than as a string delimiter, so the database no longer interprets the OR as part of the WHERE clause.
This is one method, but there are many other ways to protect yourself.
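As an added example (not code from the original post), the login query from the post run against an in-memory SQLite database through PDO: it reproduces the bypass, then goes one step beyond the escaping approach described above and shows a prepared statement, which is the generally recommended fix. It assumes the pdo_sqlite extension is available; the table, account and payload are constructed for the demo.

```php
<?php
// Added example, not code from the original post. It reproduces the login
// bypass described above against an in-memory SQLite database (via PDO) and
// then shows a prepared statement, which removes the injection entirely.
// The table, the account and the payload are constructed for this demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT, password TEXT)");
// Plaintext password only to mirror the post's query; real applications
// store a password hash and compare it with password_verify().
$db->exec("INSERT INTO users VALUES ('admin', 'S3cret!')");

// Vulnerable: input is concatenated into the SQL string, as in the post.
function loginVulnerable(PDO $db, string $username, string $password): ?array
{
    $sql = "SELECT * FROM users WHERE username='" . $username .
           "' AND password='" . $password . "'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Fixed: the SQL text and the values travel separately, so a quote inside
// $password can never terminate the string literal or add an OR clause.
function loginSafe(PDO $db, string $username, string $password): ?array
{
    $stmt = $db->prepare(
        "SELECT * FROM users WHERE username = :u AND password = :p");
    $stmt->execute([':u' => $username, ':p' => $password]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

$payload = "x' or '1'='1";   // the injection string from the post

// The concatenated query becomes:
//   ... WHERE username='admin' AND password='x' or '1'='1'
// AND binds tighter than OR, so the always-true OR lets the admin row through.
var_dump(loginVulnerable($db, 'admin', $payload) !== null);

// The prepared statement compares the whole payload as a password value,
// so only the real password matches.
var_dump(loginSafe($db, 'admin', $payload) !== null);
var_dump(loginSafe($db, 'admin', 'S3cret!') !== null);
```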

If this information was helpful to you, just enter your name and email address and leave a comment.
That is the small gift you can give me for my work.



Hackarde Come 1 More Step Near You


Congratulations to me and to all my readers, because your beloved blog "HACKARDE" has come one step closer to you with Twitter.


Yes, that's right: today "HACKARDE" has started its Twitter account, because if you would like to stay close to "HACKARDE", "HACKARDE" would also like to stay close to you.

Everyone knows that this is the age of social networking, and many people like to share their work and interests with others. Twitter is a great place to share all your passions; company CEOs, leading businessmen, socialites and film stars use Twitter to connect with everyone.

So I thought, why not let "HACKARDE" share its views with its readers? The result is that today "HACKARDE" launches its Twitter account in front of you.

My request to all readers: go to Twitter and follow "HACKARDE" for the latest updates.

To follow "HACKARDE", please click on the "FOLLOW ME ON TWITTER!" link shown at the top right of the blog.


BruCON Agnitio workshop Slides and Video Demonstration - Download


Workshop by David Rook at BruCON 2011 in Belgium. You can download the slides from here.
Required for the Agnitio hands-on demos:



Optional
In addition to the list above, the following things are optional, depending on how hands-on you want to be:
  • Internet connection to download an application from the Android market place
  • Eclipse IDE installed
  • Android SDK installed
  • Android Debug Bridge (adb) installed; this should be installed as part of the SDK install
  • An AVD configured with the Android market place app installed (instructions here)
  • I think you can also use a rooted Android device if you don’t want to use the emulator
Workshop format
  • A quick look at static analysis and the strengths and weaknesses of humans and software
  • What is Agnitio and why do I think checklists are a vital component of security code reviews
  • Some examples of what can go wrong if you don’t use checklists to find and remove simple flaws
  • Demos/hands on: using checklists in Agnitio to review source code, produce reports and metrics
  • Demos/hands on: how to customise your Agnitio installation
  • A look at mobile (Android and iOS) application security and how analysis is currently done
  • Demo/hands on: using the mobile specific rule sets in the Agnitio static analysis module
  • Demo/hands on: downloading an app from the marketplace and decompiling it using Agnitio.

Source: TheHackerNews

HACKARDE © 2011 | Designed by HrDe