Hack a Website
    x' or 'a' = 'a

If the website didn't let you log in using this string you can relax a bit; this article probably doesn't apply to you. However you might like to try this alternative:

    x' or 1=1--

Or you could try pasting either or both of the above strings into both the login and password field. Or if you are familiar with SQL you could try a few other variations. A hacker who really wants to get access to your site will try many variations before he gives up.

If you were able to log in using any of these methods then get your web tech to read this article, and to read up on all the other methods of SQL Injection. The hackers and "skript kiddies" know all this stuff; your web techs need to know it too.

The technical stuff

If you were able to log in, then the code which generates the SQL for the login looks something like this:

    // User input is concatenated straight into the SQL text
    $sql = "SELECT * FROM users " .
           "WHERE username = '" . $username . "' AND password = '" . $password . "'";

When you log in normally, let's say using userid admin and password secret, what happens is that admin is put in place of $username and secret is put in place of $password. The SQL that is generated then looks like this:

    SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'secret'

But when you enter x' or 'a' = 'a as the password, the SQL which is generated looks like this:

    SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'x' or 'a' = 'a'

Notice that the string x' or 'a' = 'a has injected an extra phrase into the WHERE clause: or 'a' = 'a'. This means that the WHERE is always true, and so this query will return a row containing the user's details.

If there is only a single user defined in the database, then that user's details will always be returned and the system will allow you to log in. If you have multiple users, then one of those users will be returned at random. If you are lucky, it will be a user without administration rights (although it might be a user who has paid to access the site). Do you feel lucky?

How to defend against this type of attack

Fixing this security hole isn't difficult. There are several ways to do it. If you are using MySQL, for example, the simplest method is to escape the username and password, using the mysql_escape_string() or mysql_real_escape_string() functions, e.g.:

    // Escape both values before they are placed in the SQL text
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);
    $sql = "SELECT * FROM users " .
           "WHERE username = '" . $username . "' AND password = '" . $password . "'";

Now when the SQL is built, it will come out as:

    SELECT * FROM users WHERE username = 'admin' and PASSWORD = 'x\' or \'a\' = \'a'

Those backslashes ( \ ) make the database treat the quote as a normal character rather than as a delimiter, so the database no longer interprets the SQL as having an OR in the WHERE clause.

This is just a simplistic example. In practice you will do a bit more than this, as there are many variations on this attack. For example, you might structure the SQL differently, fetch the user using the user name only and then check manually that the password matches, or make sure you always use bind variables (the best defence against SQL injection and strongly recommended!). And you should always escape all incoming data using the appropriate functions from whatever language your website is written in - not just data that is being used for login.

There's more

This has just been a brief overview. There are many more hacking techniques than SQL Injection; there are many more things that can be done just using SQL Injection.
It is possible to directly change data, get access to confidential information, even delete your whole database — irrespective of whether the hacker can actually log in — if your website isn't set up correctly.
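The bind-variable defence recommended above, combined with fetching the user by name only and checking the password separately, as an added example that is not code from the original article. It assumes PHP 7.1+ with the PDO SQLite driver; the table layout, the sample account and the login() helper are constructed for illustration, and PDO is used because the mysql_* functions shown above were removed in PHP 7.0.

```php
<?php
// Added example: constructed schema and sample data, in-memory SQLite via PDO.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)");

// Constructed account matching the article's example: admin / secret.
// Only a hash of the password is stored, never the password itself.
$ins = $db->prepare("INSERT INTO users (username, password_hash) VALUES (?, ?)");
$ins->execute(['admin', password_hash('secret', PASSWORD_DEFAULT)]);

/**
 * Hypothetical helper: look the user up by name with a bound parameter,
 * then check the password in PHP. The input travels to the database as
 * data and is never spliced into the SQL text.
 */
function login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare("SELECT password_hash FROM users WHERE username = :u");
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();   // false when no row matches

    if ($hash === false) {
        return false;               // unknown user
    }
    return password_verify($password, $hash);
}

// Constructed inputs: the normal login, then the two strings from the article.
$attempts = [
    ['admin', 'secret'],
    ['admin', "x' or 'a' = 'a"],
    ["x' or 1=1--", 'anything'],
    ["x' or 'a' = 'a", "x' or 'a' = 'a"],
];
foreach ($attempts as [$u, $p]) {
    printf("%-18s / %-18s => %s\n", $u, $p, login($db, $u, $p) ? 'accepted' : 'rejected');
}
```

Because the user name is bound as a parameter and the password never appears in the query at all, the quote characters in the article's strings are compared as literal text and cannot change the WHERE clause.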
I want to show you just one way that hackers can get into your
website and mess it up, using a technique called SQL Injection.
And then I'll show you how to fix it. This article touches on some
technical topics, but I'll try to keep things as simple as possible.
There are a few very short code examples written in PHP and SQL. These
are for the techies, but you don't have to fully understand the examples
to be able to follow what is going on. Please also note that the
examples used are extremely simple, and Real Hackers™ will use
many variations on the examples listed.




