Welcome to www.programmer2programmer.net. It's all about security programming source code

SQL Injection - Advanced SQL Injection
 

 
What is SQL Injection?

1. What is SQL Injection

SQL Injection is the most popular method of deliberately passing SQL commands through an input field in an application.

SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application layer attack techniques used today. It takes advantage of improper coding in your web applications that allows hackers to inject SQL commands into, say, a login form and so gain access to the data held within your database.
2. SQL Injection by Example

3. Advanced SQL Injection

4. Preventing SQL Injection

Which parts of your application are at risk of SQL Injection?
SQL Injection is a hacking technique that attempts to pass SQL commands (statements) through a web application for execution by the backend database. If user input is not sanitized properly, web applications are open to SQL Injection attacks that allow hackers to view information from the database and/or even wipe it out.

Such features as login pages, support and product request forms, feedback forms, search pages, shopping carts and the general delivery of dynamic content, shape modern websites and provide businesses with the means necessary to communicate with prospects and customers. These website features are all examples of web applications which may be either purchased off-the-shelf or developed as bespoke programs.

These website features are all susceptible to SQL Injection attacks, which arise because the fields available for user input allow SQL statements to pass through and query the database directly.

Basic SQL Injection
Most login pages ask the user for a User Name and a Password. The user types them into the login form and submits it for authentication. The system queries the database with the supplied user name and password: if a matching record is found, the user is authenticated; otherwise a login-failed message is shown. When the login page is submitted, most login pages pass a query to the database that is built like this:
    "select * from user_master where user_name='" & TxtUserName.Text & "' and " & _
    "user_password ='" & TxtPassword.Text & "'"
If we type ANYUSER as the User Name and ANYPASS as the Password, the actual query looks like this:
    select * from user_master where user_name='ANYUSER' and
    user_password ='ANYPASS'

It will not work, as there is no such user name and password in the table user_master, and the page will show the login-failed message. Now just change the password: type   ANYPASS' or 'T' = 'T    and submit the page again. This time the query looks like this:
    select * from user_master where user_name='ANYUSER' and
    user_password ='ANYPASS' or 'T' = 'T'
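Now it works, and you are able to log in without knowing a user name or password. How did that happen? AND binds more tightly than OR, so the WHERE clause is evaluated as (user_name = ... and user_password = ...) or 'T' = 'T'. Because 'T' = 'T' is always true, the query returns every record in the table.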

Which SQL commands can you pass?
If the underlying database supports multiple commands in a single line, then any valid DML, DCL or DDL command can be passed through SQL injection. For example, the following input drops the user_master table from the database. Type   ANYPASS' ; drop table user_master --   in the password box and submit the page again. This time the underlying query looks like this:

    select * from user_master where user_name='ANYUSER' and
    user_password ='ANYPASS' ; drop table user_master -- '
Now the user_master table is dropped from the database. In this case the drop table command is passed along with the password. The two dashes (--) start a comment in SQL, so nothing after them is executed, including the closing quote that the application appends. If you know the table structure, you can insert and update records through SQL Injection as well.
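
The login query above, built by string concatenation and then with bound parameters, as an added example that is not part of the original page. It assumes Python with an in-memory SQLite database in place of the page's VB front end; the table and column names and the two password values come from the page, and the stored user row is constructed sample data.

```python
import sqlite3

# Password values taken from the page's two examples.
BYPASS = "ANYPASS' or 'T' = 'T"
STACKED = "ANYPASS' ; drop table user_master -- "

def make_db():
    """In-memory database with one constructed user row."""
    db = sqlite3.connect(":memory:")
    db.execute("create table user_master (user_name text, user_password text)")
    db.execute("insert into user_master values ('alice', 's3cret')")
    return db

def login_concat(db, user, password):
    # Vulnerable: the input becomes part of the SQL text, as in the page's query.
    sql = ("select * from user_master where user_name='" + user +
           "' and user_password ='" + password + "'")
    return len(db.execute(sql).fetchall()) > 0

def login_param(db, user, password):
    # Hardened: placeholders bind the input as values, never as SQL syntax.
    sql = "select * from user_master where user_name=? and user_password=?"
    return len(db.execute(sql, (user, password)).fetchall()) > 0

def table_exists(db):
    row = db.execute("select count(*) from sqlite_master "
                     "where type='table' and name='user_master'").fetchone()
    return row[0] == 1

def demo():
    db = make_db()
    return {
        "concat_wrong_password": login_concat(db, "ANYUSER", "ANYPASS"),
        "concat_bypass": login_concat(db, "ANYUSER", BYPASS),
        "param_bypass": login_param(db, "ANYUSER", BYPASS),
        "param_stacked": login_param(db, "ANYUSER", STACKED),
        "table_still_exists": table_exists(db),
        "param_valid_login": login_param(db, "alice", "s3cret"),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With bound parameters, both password values from the page are compared as literal strings, so the login fails and user_master is left in place.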

 

(C) Atanu Maity, 2006-2017