Tuesday, 12 June 2012

SQL Injection-Basic Command

SQL injection is a technique often used to attack databases through a website.
SQL injection is a code injection technique that exploits a security vulnerability in a website's software.
SQL commands are thus injected from the website into the database at the back end.
Consider an SQL relation account(name, passwd, balance). The PHP code in the website reads the username and password and assigns them to the variables $n and $p respectively.
The SQL query will be

SELECT balance FROM account
WHERE name='$n' AND passwd='$p';
This will work for normal user inputs.
Suppose the user input is $n = adarsh' --
Since -- in SQL begins a comment, the SQL query will be

SELECT balance FROM account
WHERE name='adarsh' -- ' AND passwd='$p';
The query is equivalent to
 
SELECT balance FROM account
WHERE name='adarsh'

Hence an attacker will be able to access a user's entry in the account relation simply by using the username.

We can basically use this to log into a user's database account without the password.
First, in the login page, provide a valid username and, for the password: anything 'or'x'='x
This will work if the site administrator has not taken the necessary precautions against this kind of attack.
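
The precaution that stops both inputs above is a parameterized query. The following is an added example, not code from the original post: it uses Python's sqlite3 module instead of PHP, with a constructed account table (the rows and passwords are made up), and runs the page's two inputs against a string-built query and a parameterized one.

```python
import sqlite3

def make_db():
    """In-memory copy of the page's account(name, passwd, balance) relation.
    Rows are constructed sample data; plaintext passwords only mirror the page's query."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE account (name TEXT, passwd TEXT, balance INTEGER)")
    db.executemany("INSERT INTO account VALUES (?, ?, ?)",
                   [("adarsh", "s3cret", 500), ("bob", "hunter2", 75)])
    return db

def balance_vulnerable(db, n, p):
    # Vulnerable: user input is pasted into the SQL text, so quotes and
    # comment markers inside n or p become part of the statement itself.
    query = "SELECT balance FROM account WHERE name='%s' AND passwd='%s';" % (n, p)
    return [row[0] for row in db.execute(query)]

def balance_parameterized(db, n, p):
    # Hardened: the SQL text is fixed. n and p are bound as values and are
    # only ever compared as strings, never parsed as SQL.
    query = "SELECT balance FROM account WHERE name=? AND passwd=?;"
    return [row[0] for row in db.execute(query, (n, p))]

if __name__ == "__main__":
    db = make_db()
    cases = [
        ("adarsh", "s3cret"),              # normal login
        ("adarsh", "wrong"),               # wrong password
        ("adarsh' --", "p"),               # the page's comment input
        ("adarsh", "anything 'or'x'='x"),  # the page's always-true input
    ]
    for n, p in cases:
        print("name=%r passwd=%r" % (n, p))
        print("  string-built :", balance_vulnerable(db, n, p))
        print("  parameterized:", balance_parameterized(db, n, p))
```

With the string-built query, the always-true input returns every row of the table, because AND binds tighter than OR and 'x'='x' holds for each row; the parameterized query returns nothing for both crafted inputs.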


WARNING:CONTENT FOR INFORMATIONAL USE ONLY

