Sunday, August 8, 2010

Saturday, August 7, 2010

SQL Injection Part-2

As said in the earlier post, let's see how to bypass a login page with ease using a magic string.

Here is the site's link: http://testasp.acunetix.com/Login.asp?RetURL=%2FDefault.asp%3F

Open the link; it is a login page.

Here is a trick to bypass the login page using the SQL injection technique. In the username field type this: ' or 1=1--
For the password field type anything you like, as it does not matter.

Example:
username: ' or 1=1--
password: 123

And voila, you are logged in. This is possible because the above site is vulnerable to the SQL injection flaw.

You can not only bypass the login mechanism; you can also easily retrieve the entire list of usernames and passwords stored in the database using the same SQL injection.

In the next post we will see how we can retrieve an entire table from the database server. It will be fun, trust me. Stay tuned.

P.S.: Don't try this on any other sites.

Thursday, August 5, 2010

SQL Injection Part-1

Web applications normally provide an interface for the user to input information. These user inputs are then used for many purposes, one of which is to query databases. User input that becomes part of an SQL statement gets executed on the RDBMS. SQL injection means entering data through the web application's user interface that gives a malicious user sensitive information, lets them edit or modify protected data, or crashes the entire system. In the worst-case scenario, the malicious user is even able to penetrate further into the network by compromising the security of the database host machine.

There are four main categories of SQL injection attacks against databases:
1. SQL Manipulation: Manipulation is the process of modifying SQL statements by using various operations such as UNION. Another way of implementing SQL injection with the SQL manipulation method is to change the WHERE clause of the SQL statement to get different results.
2. Code Injection: Code injection is the process of inserting new SQL statements or database commands into the vulnerable SQL statement. One such code injection attack is to append a SQL Server EXECUTE command to the vulnerable SQL statement. This type of attack is only possible when multiple SQL statements per database request are supported.
3. Function Call Injection: Function call injection is the process of inserting various database function calls into a vulnerable SQL statement. These function calls could make operating system calls or manipulate data in the database.
4. Buffer Overflows: A buffer overflow is caused by using function call injection. For most commercial and open source databases, patches are available. This type of attack is possible when the server is unpatched.

In the next post we will see some magic strings and a demo site where you can bypass the login mechanism and log in as ADMIN :)

Monday, August 2, 2010

Hey Readers,

Welcome to the Hack-in4all blog.

Hi, I am an ethical hacker working in an MNC as an EC-Council Certified Ethical Hacker. I will share my knowledge on how to break into web applications and also how to make web applications secure from hacking attacks.

But here we will concentrate more on the hacking part rather than the latter one :)

I shall share my knowledge on all the basic top vulnerabilities that most websites (web applications) are prone to.

Starting with the SQL injection hacking technique, from the next post.

Your comments and ideas are welcome.