Friday, 11 January 2013
The Simple SQL Injection HAck :P
Labels:
Hacking
,
Tips and Tricks
The Simple SQL Injection Hack
SQL Injection involves entering SQL code into web forms, eg. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application. When you enter text in the Username and Password fields of a
login screen, the data you input is typically inserted into an SQL command. This command checks the data against the relevant table in the database. If you‘re input matches table/row data, you're granted access (in the case of a login screen). If not, you're knocked back out.
In its simplest form, this is how the SQL Injection works. It's impossible to explain this without reverting to code for just a moment.Here is the code
Suppose we enter the following string in a User name field:
' OR 1=1
The authorization SQL query that is run by the server, the
command which must be satisfied to allow access, will be something along the lines of:
SELECT * FROM users WHERE username = „USRTEXT ' AND password = „PASSTEXT‟
Where USRTEXT and PASSTEXT are what the user enters in the login fields of the web form.
So entering `OR 1=1 — as your username, could result in the following actually being run:
SELECT * FROM users WHERE username = ‗' OR 1=1 — 'AND password = '‘
In terms of login bypass via Injection, the hoary old ' OR 1=1 is just one option. If a hacker thinks a site is vulnerable, there are cheat-sheets all over the web for login strings which can gain access to weak systems. Here are a couple more common strings
which are used to dupe SQL validation routines: username field examples:
• admin'—
• ') or ('a'='a
• ”) or ("a”=”a
• hi” or "a”=”a
Subscribe to:
Post Comments
(
Atom
)
No comments :
Post a Comment