
SQL INJECTION


What is SQL INJECTION


  • SQL injection means gaining unauthorized access to a database.
  • After successfully bypassing authentication through SQL injection, the attacker tries to damage, dispose of or otherwise harm the database.
  • A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.
  • In SQL injection we use SQL comments or Boolean logic (i.e. OR and AND clauses) to get data from the database.

How to Perform basic SQL injection


Make a basic HTML form page without any front-end validation.
Make a folder named test in your localhost directory (/var/www/html/test, or htdocs in XAMPP).
Then add this simple HTML form to that folder as index.html:

<!DOCTYPE html>
<html>
<body>
<form action="action.php" method="post">
<div>
<h2><b>Please Enter Details</b></h2>
Name:<input type="text" name="name">
Password:<input type="password" name="pass">
<input type="submit" value="Submit">
</div>
</form>
<style>
body{
color:blue;
background-color:purple;
}
form{
margin-left:10%;
margin-right:30%;
margin-top:5%;
background-color:yellow;
}
div{
padding-left:10%;
padding-bottom:5%;
}
input{
padding-bottom:10px;
display:block;
margin-bottom:3%;
}
</style>
</body>
</html>


Then open it on localhost.
Make another PHP page and save it as action.php:

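<?php
// Deliberately vulnerable login check used for this demonstration.
$username = $_POST['name'];
$password = $_POST['pass'];
$con = mysqli_connect('localhost', 'root', 'root', 'test');

// The form values are concatenated straight into the SQL string: this is the injection point.
$query = mysqli_query($con, "SELECT * FROM `login` WHERE `username` = '$username' AND password= '$password'");
// Uncomment the next line to print the query that is actually executed:
//echo "SELECT * FROM `login` WHERE `username` = '$username' AND password= '$password'";
if (mysqli_num_rows($query) == 1)
    echo "Sucessful";
else
    echo "failed";
?>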
Now go to phpMyAdmin, create a database named test, then add a table named login with this structure

Then add a few entries as you wish
( INSERT INTO `login`(`username`, `password`) VALUES ([value-1],[value-2]))

Now check that you can log in by providing a correct username and password. If you provide an incorrect name or password, it prints failed.

Providing a wrong password gives failed, as expected.
With SQL injection we try to get access without providing the password and still get a successful login. If you uncomment the echo, you can see the query that is executed in SQL.
Example:
If I have username="zohar" and password="1234" in my database,
and I provide name="zohar" with a blank password and press submit:


  • SELECT * FROM `login` WHERE `username` = 'zohar' AND password= ''failed
Now, to get access, we provide name=zohar' OR '1==1 with a blank password and submit:

  • SELECT * FROM `login` WHERE `username` = 'zohar' OR '1==1' AND password= ''Sucessful
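Now we are successfully able to access the database.
So providing zohar' OR '1==1 as the name let us log in without the password. Because AND binds more tightly than OR, the WHERE clause is read as `username` = 'zohar' OR ('1==1' AND password= ''), so the row for zohar matches whatever password is sent.
If you open the SQL tab in phpMyAdmin,
type this query: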
SELECT * FROM `login` WHERE `username` = 'YOUR USERNAME FROM DB' /* '' AND password= ''


We can see that it executes successfully with the password check commented out. But since mysqli provides security against multi-line comments, we cannot inject with the multi-line comment marker /*.
Like the previous mysql extension, mysqli also does not allow executing multiple queries, so to drop a table or a database we have to check whether the mysqli_multi_query() function is used.
Now, to drop tables and the database, we change our PHP script:
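<?php
// Deliberately vulnerable variant: mysqli_multi_query() runs every
// semicolon-separated statement found in the string.
$username = $_POST['name'];
$password = $_POST['pass'];
$con = mysqli_connect('localhost', 'root', 'root', 'test');

$query = mysqli_multi_query($con, "SELECT * FROM `login` WHERE `username` = '$username' AND password= '$password'");
// Print the query that was sent to the server.
echo "SELECT * FROM `login` WHERE `username` = '$username' AND password= '$password'";
// $query is true when the first statement succeeded.
if ($query)
    echo "Sucessful";
else
    echo "failed";
?>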
Now we will first make a backup of our database.
Finally we will drop the table of the database.
To make the password visible, we change the password input's type from password to text,
then simply do the following steps:


Now restore the database from the backup which we created before.
Similarly to dropping the table, we will drop the database.



test database is dropped
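
The corrected form of the two action.php scripts above, as an added example that is not part of the original post: the query is sent as a prepared statement with bound parameters, mysqli_multi_query() is not used, and the connection uses a hypothetical low-privilege account named webapp (its password read from an assumed DB_PASS environment variable) instead of root.

```php
<?php
// Added example, not the original post's code: hardened action.php.
// Assumptions: the page's `test` database and `login` table; a hypothetical
// MySQL account `webapp` granted only SELECT on test.login; its password
// supplied through an assumed DB_PASS environment variable.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw

function check_login(mysqli $con, string $username, string $password): bool
{
    // The SQL text is constant. The two ? values travel separately as data,
    // so a quote in the input cannot rewrite the WHERE clause, and a prepared
    // statement holds exactly one statement (no stacked statements).
    $stmt = $con->prepare(
        'SELECT COUNT(*) FROM `login` WHERE `username` = ? AND `password` = ?'
    );
    $stmt->bind_param('ss', $username, $password);
    $stmt->execute();
    $stmt->bind_result($matches);
    $stmt->fetch();
    $stmt->close();
    return (int) $matches === 1;
}

$username = $_POST['name'] ?? '';
$password = $_POST['pass'] ?? '';
// name[]=x style POST fields arrive as arrays; reject anything but strings.
if (!is_string($username) || !is_string($password)) {
    http_response_code(400);
    exit('failed');
}

try {
    // Not root: even if a query were injectable, this account cannot DROP.
    $con = new mysqli('localhost', 'webapp', getenv('DB_PASS') ?: '', 'test');
    $con->set_charset('utf8mb4');
    echo check_login($con, $username, $password) ? 'Successful' : 'failed';
} catch (mysqli_sql_exception $e) {
    // Log details server-side; never echo the SQL or the error to the client.
    error_log('login check failed: ' . $e->getMessage());
    http_response_code(500);
    echo 'failed';
}
```

With this version, submitting zohar' OR '1==1 as the name prints failed, because the whole string is compared against the username column as a literal value.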
