SQL Injection Tips And techniques
- SQL Injection: When SQL code is ran on a website that is not hard coded into website that exploits a security vulnerability occurring in the database layer of the server application
- General Example: A textbox that displays what was entered on the page
- Specific Example: Submitting <?php DROP TABLE * ?> in a input text field that displays value below it causing the tables to be dropped and the website destroyed.
USES of SQL Injection
Finding a SQL exploit in a website gives you full control of the website allowing to run any command for example Increase a Variable like Money on a certain Civics Mirror Website. But the most common use use of SQL injection is to gain information from the database such as passwords, credit card data and even you peoples hidden agenda. Very few websites are so insecure to allow you to hack right threw login systems in less there programmed by a novice but entering 1′or’1′=’1 as the username and password will login to the first user in the database if they where that novice or built there website in 1997 and haven’t updated it since.
How To Protect From SQL Injection
When using Mysql using the mysql_real_escape_string function on the string you passing will clean the PHP out of it rendering it safe. Another good way to prevent SQL exploits is to use the CLEAN function with is available on all database types but may be disable by you server provider. But the best way to avoid SQL Injections is just don’t use variables from GET ,POST or COOKIE methods that interface with a database.
0 comments:
Post a Comment