Darksat IT Security Forums
March 29, 2024, 01:53:03 am
SQL Injection

Author Topic: SQL Injection  (Read 1653 times)
Darksat
Administrator
Posts: 3303
« on: September 17, 2006, 08:01:13 am »

SQL injection occurs when naughty commands are injected into an SQL database.
Shopping carts and online databases are all vulnerable unless they are properly protected against this type of attack.
If the application does not check the input, special command strings can be sent to the database.

For example, the SQL command
SELECT * FROM customer WHERE card = 'visa'
will return all customers that are using Visa.
SELECT * FROM customer WHERE card = '$card'
As long as values such as visa, amex, or master are in this variable, the database reacts as expected.
But if a hacker enters the string ';DROP TABLE CUSTOMER--, the application sends the following to the database:
SELECT * FROM customer WHERE card = '';DROP TABLE CUSTOMER --'
The database sees two commands because the semicolon represents a separator:
SELECT * FROM customer WHERE card = ''
shows all of the data records that have an empty card column. The database then executes the second command, which completely deletes the table customer.

The moral of the story is to ensure that your system only accepts the appropriate commands, or you could end up with your database contents stolen or deleted.
You have been warned.


neutron2k
Elite-Member
Posts: 469
« Reply #1 on: September 17, 2006, 02:15:38 pm »

A good way of testing web site login forms for their prevention of SQL injection is to enter the following as the user name and password:

hi' or 1 = 1

This would change any select query to the following when the details are submitted:

select * from sql where loginid='hi' or 1=1

So in essence it will always return a result and you can get access to the site.

That's if the site has poor security and doesn't cater for SQL injection.
Darksat
Administrator
Posts: 3303
« Reply #2 on: September 18, 2006, 03:46:01 am »

See Neutron, you know more about this stuff than you think.
Nice tip.
neutron2k
Elite-Member
Posts: 469
« Reply #3 on: September 18, 2006, 09:26:49 am »

I know about SQL injection, but that's about it.
sacx13
31337
Posts: 40
« Reply #4 on: October 19, 2006, 06:19:30 am »

You can use mod_security for Apache. It is designed for dropping SQL injections :)

Read a little article written by me about mod_security
http://www.webmasterstalks.com/index.php/topic,163.0.html

There are also some examples for anti-SQL-injection :)

Regards
Darksat
Administrator
Posts: 3303
« Reply #5 on: October 19, 2006, 07:06:14 am »

Thanks for the link.
Good article.
I like the modsecurity.com site as well, looks like something I will be using in future.