Hacking websites with SQL Injection
-
What is SQL Injection?
SQL Injection is an attack against websites and web applications that use a SQL database.
Simply put, the hacker inserts malicious SQL commands through user input and can take over the database.
How Does it Work?
Let's say you have code like this, where the login query is built by pasting the user's input straight into the SQL string:

```php
<?php
// user input is interpolated directly into the query (vulnerable)
$username = $_POST['username'];
$password = md5($_POST['password']);
$sql = "SELECT * FROM `users` WHERE username = '$username' AND password = '$password'";
?>
```
If the user inputs
Username : admin
Password : admin123
the SQL will look like:

```sql
SELECT * FROM `users` WHERE username = 'admin' AND password = '0192023A7BBD73250516F069DF18B500'
```

It works fine.
But if the user inputs
Username : admin' OR 1 = 1 --
Password : admin123
the SQL will look like:

```sql
SELECT * FROM `users` WHERE username = 'admin' OR 1 = 1 --' AND password = '0192023A7BBD73250516F069DF18B500'
```
Here you can see that the password part of the query is commented out (it will not execute).
And 1 = 1 is always true, so the hacker can get all the information of the users. They can delete or change any record too.
How to prevent SQL Injections?
Nowadays most back-end frameworks handle injection protection for you. But if you don't use a framework, you can do it manually.
Every language has built-in functions for binding data to a query safely (prepared statements / parameterized queries), so user input is never spliced into the SQL string.
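As an added example (not part of the original post), here is the same login check in Python against an in-memory SQLite table, so it runs stand-alone: the vulnerable string-built query beside the parameterized one, both fed the input shown above. The users table and its two rows are constructed sample data; md5 is kept only to mirror the post's PHP.

```python
import hashlib
import sqlite3


def make_db():
    """Constructed sample `users` table (not from any real system)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [
            ("admin", hashlib.md5(b"admin123").hexdigest()),
            ("alice", hashlib.md5(b"s3cret").hexdigest()),
        ],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Mirrors the post's PHP: input is interpolated into the SQL text.
    SQLite treats '--' as a comment to end of line (MySQL additionally
    requires whitespace after '--'), so the password check is dropped."""
    pw_hash = hashlib.md5(password.encode()).hexdigest()  # md5 only to mirror the post
    sql = f"SELECT username FROM users WHERE username = '{username}' AND password = '{pw_hash}'"
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Same query with bound parameters: the driver sends values separately
    from the SQL text, so quotes and '--' in the input are just characters."""
    pw_hash = hashlib.md5(password.encode()).hexdigest()
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, pw_hash))]


if __name__ == "__main__":
    conn = make_db()
    payload = "admin' OR 1 = 1 --"  # the input shown in the post
    print("vulnerable, normal login :", login_vulnerable(conn, "admin", "admin123"))
    print("vulnerable, injected     :", login_vulnerable(conn, payload, "wrong"))
    print("parameterized, injected  :", login_safe(conn, payload, "wrong"))
```

In PHP the equivalent fix is PDO::prepare() with bound parameters instead of string interpolation.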
-
very informative bro...
-
@dev_lak :+1:
-
This is awesome bro, nice example . Thanks
-
@root :grinning: :grinning:
-
Awesome
-
@GeethOnion
-
Awesome, we want this kind of articles. Thanks
-
@ciaompe :+1: :+1:
-
useful b6 keep it up
-
@Malith