Lanka Developers Community

    Hacking websites with SQL Injection 💉

    • b6
      b6 last edited by b6

      What is SQL Injection?

      SQL Injection is an attack against websites / web applications which use an SQL database.

      Simply put, a hacker will insert a malicious SQL command and take over the database.

      How Does it Work?

      Let's say you have code like this,

      <?php

          // User input is copied straight into the SQL string, which is what makes this query injectable
          $username = $_POST['username'];
          $password = md5($_POST['password']);
          $sql = "SELECT * FROM `users` WHERE username = '$username' AND password = '$password'";

      ?>

      If the user inputs,
      Username : admin
      Password : admin123

      The SQL will look like,

      SELECT * FROM `users` WHERE username = 'admin' AND password = '0192023A7BBD73250516F069DF18B500'

      It will work fine.

      But if the user inputs,
      Username : admin' OR 1 = 1 --
      Password : admin123

      The SQL will look like,

      SELECT * FROM `users` WHERE username = 'admin' OR 1 = 1 --' AND password = '0192023A7BBD73250516F069DF18B500'

      Here you can see that the password part of the query will be commented out (will not execute).
      And since 1 = 1 is always true, the hacker can get all the information of the users.

      They can delete or change any record too.

      Click Here | Watch SQL Injection tutorial

      SQL Injection Strings

      Click Here | Some injection Strings


      How to prevent SQL Injections?

      Nowadays, most back-end frameworks handle injections themselves. But if you don't use any framework, you can do it manually.

      Every language has built-in functions to handle SQL injections while binding data.

      PHP
      Python
      .NET
      NodeJS
      Java

      1 Reply Last reply Reply Quote 4
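
The login query from the post next to the same query with bound parameters, as an added example that is not part of the original post. It assumes PHP 7.1+ with the pdo_sqlite extension; the in-memory table, the `alice` row and the function names are constructed for illustration.

```php
<?php
// Added example, not the original poster's code. Assumes the pdo_sqlite
// extension; the users table and its rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$seed = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
foreach ([['admin', 'admin123'], ['alice', 'wonderland']] as [$u, $p]) {
    $seed->execute([$u, md5($p)]); // md5() only mirrors the post's query
}

// The post's query: input is pasted into the SQL text, so quotes in the
// username change the structure of the statement.
function loginConcatenated(PDO $db, string $username, string $password): array
{
    $hash = md5($password);
    $sql = "SELECT username FROM users WHERE username = '$username' AND password = '$hash'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Same query with bound parameters: the statement is fixed at prepare()
// time and the input is passed as data, never parsed as SQL.
function loginBound(PDO $db, string $username, string $password): array
{
    $stmt = $db->prepare('SELECT username FROM users WHERE username = :u AND password = :p');
    $stmt->execute([':u' => $username, ':p' => md5($password)]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$inputs = [
    ['admin', 'admin123'],            // valid login from the post
    ["admin' OR 1 = 1 --", 'wrong'],  // injection string from the post; password does not matter
];
foreach ($inputs as [$u, $p]) {
    printf("%-22s concatenated=%s bound=%s\n", $u,
        json_encode(loginConcatenated($db, $u, $p)),
        json_encode(loginBound($db, $u, $p)));
}
```

For the injection string, the concatenated version returns every row in the table while the bound version returns none. With MySQL the `prepare()` / `execute()` calls are the same through the pdo_mysql driver.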
      • dev_lak
        dev_lak last edited by

        very informative bro...

        • b6
          b6 @dev_lak last edited by

          @dev_lak :+1:

          • root
            root Linux Help last edited by

            This is awesome bro, nice example. Thanks

            • b6
              b6 @root last edited by

              @root :grinning: :grinning:

              • GeethOnion
                GeethOnion last edited by

                Awesome😍

                • b6
                  b6 @GeethOnion last edited by

                  @GeethOnion 👌👌👌👌

                  • ciaompe
                    ciaompe last edited by

                    Awesome, we want this kind of article. Thanks

                    • b6
                      b6 @ciaompe last edited by

                      @ciaompe :+1: :+1:

                      • Nubelle
                        Nubelle Web Development last edited by

                        useful b6 keep it up

                        • b6
                          b6 @Nubelle last edited by

                          @Malith ✌️✌️✌️
