Website Hacking always hot topic between Hacker,some days before i am tell you how to hack a website by SQL Injection with picture.
For watch old Post Click Here
Today post about How to Safe your site against SQL Injection Attack because security of website too important for save your Data Base by access unauthorised person.
If your site SQL vulnerable then a hacker go to site login page and type tha administrator username and in the password field type or paste like this..
x' or '1'='1
If the site vulnerable then it login and you change all settings but how this code work.If you are able to log in then the code on side ...
$sql=
"SELECT*FROM users
"WHERE username="" . $username .
" AND password="" . $password ."";
then your code work as...
SELECT *FROM users WHERE username='admin' and PASSWORD='HrDe' or '1'='1
Here x' or '1'='1 has injected an extra phrase into the WHERE clause that means WHERE is always true,and this query will return a row contain the user's details.
If single user defined in the DB,then user's details will always returned else multiple users then one of those user will be returned at random.
How to safe website by Deface ?
How to fix vulnerable hole on your website,it's not difficult.Many ways to do it.If you work with MySQL then simply you fix it by using the
mysql_escape_string()
or
mysql_real_escape_string() function for example....
$userid=mysql_real_escape_string($userid);
$password=mysq;_real_escape_string($password);
$sql=
"SELECT*FROM users
"WHERE username="" . $username .
" AND password="" . $password ."";
This work as...
SELECT*FROM users WHERE username='admin' and PASSWORD='x\' or \'a\' =\'a
It backslashes(\) make the DB treat query like a normal character rather than as a delimiter,by it DB no interprets the SQL an OR in the WHERE clause.
This is one method but many ways open for you to protect yourself.
If this information helpful for you,so only enter your name and email id and write down your comment.
This is the small gift for my work by you.