SQL INJECTION



SQL injection is one of the more popular application-layer attack techniques in use today. It is a type of input validation attack, i.e. it occurs when the developer fails to properly validate the input supplied by the user.

SQL stands for Structured Query Language, and it is the language used by most website databases. The relational model (RDBMS) underlies SQL and all modern database systems such as MSSQL Server, Oracle and MySQL. Data is stored in the database in the form of tables. A database most often contains one or more tables, each table contains one or more columns, and the data is stored in those columns. Data is retrieved from the database using queries. In a website, the front end is connected to the back end so that the end user can retrieve data from, or enter data into, the back end through the front end. If the front end is PHP and the back end is MySQL, the connection is made with
         mysql_connect("servername", "username", "password");
Once the connection is made, the front end and back end start interacting. Whatever the end user requests from the front end is passed to the back end in the form of SQL queries, and the end user gets the requested result. But it is also possible for an attacker to send malicious requests (generally SQL queries) from the front end, forcing the back end to execute those queries and return the result. This is called SQL injection.

SQL injection is a technique that takes advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a back-end database. A successful SQL injection exploit can enable the attacker to read sensitive data from the database, perform insert/update/delete operations, and execute administrative operations on the database (such as shutting down the DBMS). It follows that SQL injection is possible only on websites/web applications that have a database back end. SQL injection is possible on almost all databases (MySQL, MSSQL, Oracle, MS Access etc.). The attack is carried out by injecting malicious SQL queries through forms or through the URL.

The possible types of SQL injection that can be exploited by the attacker are:

  • Poorly Filtered Strings
  • Incorrect Type Handling
  • Signature Evasion
  • Filter Bypassing
  • Blind SQL Injection
Let's look at each of them.

1. Poorly Filtered Strings

        SQL injections based on poorly filtered strings are caused by user input that is not filtered for escape characters. If the user input is not validated properly, the attacker can send SQL strings from the form that the database then executes, compromising its security.

Example:
The attacker puts ' or ''=' in the form and sends it to the back end.
Inserting the above string will generate a query like this:
SELECT password FROM users WHERE password = '' or ''=''
The WHERE condition is always true, so the query returns rows and the attacker gains access without a valid password.

2. Incorrect Type Handling

        Incorrect type handling based SQL injections occur when an input is not checked for type constraints. In simple language, the data type of the input is not validated properly, which attackers then exploit to execute their own SQL queries.

Example:
    Suppose the input data type is not properly validated. Consider the following query, where pid is the value taken straight from the request:
    SELECT * FROM userinfo WHERE id = pid;
    An attacker will supply input like this
    1;SHOW TABLES
    and the query will be interpreted as
    SELECT * FROM userinfo WHERE id=1;SHOW TABLES;
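The two cases above (a spliced-in string and an unchecked numeric id) come down to the same defect: user input is parsed as SQL. As an added example that is not part of the original tutorial, the following Python code reproduces both queries against an in-memory SQLite database (a stand-in for the PHP/MySQL setup the text describes) and places the vulnerable form beside a version that validates the type and binds the value as a parameter. The table, rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database with a constructed users table that mirrors the
    tutorial's examples (plaintext passwords are kept only to stay close to
    the query shown in the text; never store passwords this way)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "s3cret"), (2, "bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn, password):
    """Poorly filtered string: the user's text is spliced into the SQL, so the
    input ' or ''=' turns the WHERE clause into a tautology."""
    sql = "SELECT password FROM users WHERE password = '" + password + "'"
    return conn.execute(sql).fetchall()


def login_safe(conn, password):
    """Parameterised query: the driver sends the value separately from the SQL
    text, so quotes and keywords in the input are never parsed as SQL."""
    return conn.execute(
        "SELECT password FROM users WHERE password = ?", (password,)
    ).fetchall()


def lookup_vulnerable(conn, pid):
    """Incorrect type handling: a numeric id taken from the request as text and
    concatenated, so '1 OR 1=1' returns every row."""
    sql = "SELECT * FROM users WHERE id = " + pid
    return conn.execute(sql).fetchall()


def lookup_safe(conn, pid):
    """Type check first, then bind: anything that is not an integer is rejected
    before it gets anywhere near the database."""
    try:
        pid_int = int(pid)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer") from None
    return conn.execute("SELECT * FROM users WHERE id = ?", (pid_int,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "' or ''='"))   # every password row comes back
    print(login_safe(db, "' or ''='"))         # []
    print(lookup_vulnerable(db, "1 OR 1=1"))   # every user row comes back
    print(lookup_safe(db, "1"))                # only alice
```

The stacked form 1;SHOW TABLES from the text is deliberately not used here: Python's sqlite3 module refuses to run a second statement in one execute() call, and PHP's mysql_query() does the same, while other drivers and multi-query APIs accept it. The defense does not depend on that driver behaviour; lookup_safe rejects the input on its type before any SQL is built.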

3. Signature Evasion

        Many SQL injection attempts are blocked, at least partly, by intrusion detection and intrusion prevention systems using signature detection rules. Common programs that detect SQL injection are mod_security and web application firewalls (WAFs). These techniques are not 100% secure and can be bypassed.

Example:
If the firewall blocks keywords like "union", "all", "select" etc., the attacker can evade it by wrapping the SQL keywords in MySQL version comments like this: /*!union*/ /*!all*/ /*!select*/. There are many other ways, which will be discussed in further tutorials.

4. Filter Bypassing

        Generally, while doing SQL injection, certain SQL keywords are used, such as union, select, from etc. The administrator filters these keywords so as to block such requests, but it can still be possible for an attacker to bypass this kind of filter.

Example:
The attacker sends a request like this:
    index.php?id=1 union all select 1,2,3--
and the site responds with 406 Not Acceptable. By using a trick like this
    index.php?id=1 /*!union*/ /*!all*/ /*!select*/ 1,2,3--
the attacker bypasses the filter. There are many ways to bypass such filters; it depends on how strongly the administrator has built the filter.

5. Blind SQL injection

        Blind SQL injection is used when a web application is vulnerable to SQL injection but the results of the injection are not visible to the attacker. The vulnerable page may not be one that displays data, but it will display differently depending on the result of a logical statement injected into the legitimate SQL statement called for that page. Blind SQL injection takes a lot of time and patience.

Example:
    site.com/index.php?id=1 and 1=1 will load the normal page, but site.com/index.php?id=1 and 1=2 will give a different result if the page is vulnerable to SQL injection.
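Sections 3, 4 and 5 above describe what the defender sees on the wire: keyword filters tripped by a UNION probe, the same probe wrapped in /*! */ version comments to slip past the filter, and boolean pairs (and 1=1 / and 1=2) whose responses differ in size. As an added example, not code from the original tutorial, the following Python script runs that detection over a few constructed Apache-style access log lines: it decodes each request, strips MySQL version comments before matching so that /*!union*/ is inspected as union, tags each suspicious request with the rules it tripped, and then pairs up boolean probes from one client against one base URL whose response sizes differ. The log lines, rule names and regular expressions are all my own assumptions; the rules are illustrative, not a complete WAF ruleset.

```python
import re
from urllib.parse import unquote_plus

# Constructed Apache-style access log lines (sample data, not from a real server).
# They mirror the requests shown in the tutorial: a plain request, a UNION probe
# that the filter rejects with 406, the same probe wrapped in /*! */ version
# comments, and a boolean pair of the kind used for blind injection.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /index.php?id=1%20union%20all%20select%201,2,3-- HTTP/1.1" 406 199
203.0.113.5 - - [10/Oct/2023:13:55:44 +0000] "GET /index.php?id=1%20/*!union*/%20/*!all*/%20/*!select*/%201,2,3-- HTTP/1.1" 200 734
203.0.113.5 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php?id=1%20and%201=1 HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:56:03 +0000] "GET /index.php?id=1%20and%201=2 HTTP/1.1" 200 88
198.51.100.7 - - [10/Oct/2023:13:57:12 +0000] "GET /index.php?id=42 HTTP/1.1" 200 512
"""

# Common log format: client, ident, user, [timestamp], "METHOD path proto", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+)'
)

# Opening of a MySQL version comment: /*! optionally followed by a version number
VERSION_COMMENT = re.compile(r'/\*!\d*')


def normalize(path):
    """Decode percent-encoding and strip /*! ... */ version comments, so an
    evasion such as /*!union*/ is matched as the keyword union."""
    decoded = unquote_plus(path)
    decoded = VERSION_COMMENT.sub(' ', decoded).replace('*/', ' ')
    return re.sub(r'\s+', ' ', decoded).lower().strip()


RULES = [
    ("union-select", re.compile(r'\bunion\b.*\bselect\b')),
    ("boolean-tautology", re.compile(r'\b(?:and|or)\s+\d+\s*=\s*\d+')),
    ("comment-terminator", re.compile(r'--|/\*|#')),
]


def scan(log_text):
    """Return one finding per suspicious request, listing the rules it tripped."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        raw_path = unquote_plus(m.group('path'))
        norm = normalize(m.group('path'))
        reasons = [name for name, rx in RULES if rx.search(norm)]
        if VERSION_COMMENT.search(raw_path):
            reasons.append("version-comment-evasion")
        if reasons:
            findings.append({
                "ip": m.group('ip'),
                "path": norm,
                "status": int(m.group('status')),
                "size": int(m.group('size')),
                "reasons": reasons,
            })
    return findings


def blind_probe_pairs(findings):
    """Clients that sent boolean probes against the same base URL and received
    responses of different sizes: the 'page displays differently' signal that
    the blind injection section describes."""
    sizes_by_target = {}
    for f in findings:
        if "boolean-tautology" not in f["reasons"]:
            continue
        base = re.split(r'\s+(?:and|or)\s+', f["path"])[0]
        sizes_by_target.setdefault((f["ip"], base), set()).add(f["size"])
    return sorted(key for key, sizes in sizes_by_target.items() if len(sizes) > 1)


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for f in found:
        print(f["ip"], f["status"], f["size"], f["reasons"], f["path"])
    print("blind probe pairs:", blind_probe_pairs(found))
```

Two points the output makes that the log alone does not: the 406 on the plain UNION probe shows the filter working, and the 200 with a larger body on the comment-wrapped probe shows it being evaded, which is why the normalization step runs before matching. The blind-probe pairing is a behavioural check rather than a signature, so it still fires when the individual requests contain nothing the keyword rules recognise.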

There are many more varieties of SQL injection attacks, which will be discussed in the next tutorials. Suggestions for future tutorials are happily accepted.

How to enable Telnet services on Windows 7



To enable telnet services on a Windows machine, follow these steps:
1. Go to Control Panel, then click Programs and Features.
2. Click "Turn Windows features on or off".
3. Check Telnet Client and Telnet Server, then click OK.
4. Telnet services are now enabled on your computer.

Finding IP Address of the Sender in Gmail

When you receive an email, you receive more than just the message. The email comes with headers that carry important information and can tell where the email was sent from and possibly who sent it. For that, you need to find the IP address of the sender.
Note that this will not work if the sender uses anonymous proxy servers.
Also, note that if you receive an email sent from a Gmail account through the web browser, you may not be able to find the real IP address because Google hides the real IP address of the sender. However, if someone sends you a mail from his/her Gmail account using a client like Thunderbird, Outlook or Apple Mail, you can find the originating IP address.
To find the IP address of the sender, follow these steps:
1. Open Gmail.
2. Click on the email whose sender's IP address you want to know.
3. Click the More button, then click Show original.
4. Now press CTRL+F (to find) and type "Received: from" without quotes.
5. Go to the last "Received: from" line; there you will see ([X.X.X.X]).
6. X.X.X.X is the IP address of the sender.
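As an added example that is not part of the original post, the following Python code automates steps 4 to 6 on the raw text that "Show original" displays. It collects the bracketed addresses from every Received: header in order and then walks from the last (earliest) hop upward, skipping private-range relay addresses, which is a caveat the manual method misses: when the sending organisation runs an internal relay, the bottom-most line shows a 10.x or 192.168.x address rather than the sender's public one. The headers are constructed for illustration, the function names are my own, and the RFC 5737 documentation ranges stand in for public addresses (which is why the private ranges are listed explicitly instead of using ipaddress.is_global, which treats the documentation ranges as non-global).

```python
import email
import ipaddress
import re

# Constructed "Show original" text (headers invented for illustration; addresses
# come from the RFC 5737 documentation ranges and RFC 1918 private space).
SAMPLE_RAW = """\
Delivered-To: you@example.com
Received: from mail-relay.example.net (mail-relay.example.net [198.51.100.20])
        by mx.example.com with ESMTPS id k7si12345; Tue, 10 Oct 2023 13:55:36 +0000
Received: from edge.sender-corp.example (edge.sender-corp.example [203.0.113.9])
        by mail-relay.example.net with ESMTP; Tue, 10 Oct 2023 13:55:30 +0000
Received: from internal-relay.sender-corp.example ([10.0.0.5])
        by edge.sender-corp.example with ESMTP; Tue, 10 Oct 2023 13:55:28 +0000
From: Some One <someone@sender-corp.example>
Subject: Hello

message body
"""

# The [X.X.X.X] form the tutorial tells you to look for
IP_IN_BRACKETS = re.compile(r'\[(\d{1,3}(?:\.\d{1,3}){3})\]')

# Ranges that can never be the sender's public address (RFC 1918, loopback, link-local)
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
)]


def is_public(ip_text):
    """True unless the address falls in one of the listed non-public ranges."""
    addr = ipaddress.ip_address(ip_text)
    return not any(addr in net for net in NON_PUBLIC)


def received_ips(raw_message):
    """All bracketed IPs from Received: headers, most recent hop first (the
    order in which mail servers prepend them)."""
    msg = email.message_from_string(raw_message)
    ips = []
    for header in msg.get_all('Received', []):
        ips.extend(IP_IN_BRACKETS.findall(header))
    return ips


def originating_ip(raw_message):
    """Step 5 of the tutorial, with one extra check: start at the last Received
    line and move upward until a public address is found; None if there is none."""
    for ip in reversed(received_ips(raw_message)):
        if is_public(ip):
            return ip
    return None


if __name__ == "__main__":
    print(received_ips(SAMPLE_RAW))    # newest hop first
    print(originating_ip(SAMPLE_RAW))  # 203.0.113.9, the internal 10.0.0.5 is skipped
```

Received: headers are written by the receiving servers, so only the hops recorded by servers you trust are reliable; a sender can add fake Received: lines of their own below the genuine ones, which is another reason to read the chain from your own server downward rather than trusting the bottom line blindly.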

View stored password in Mozilla Firefox

Firefox allows you to securely store usernames and passwords for websites in its Password Manager. When you visit one of the websites again, Firefox automatically fills in the username and password to log you in.
To see your stored passwords, follow these steps:
1. Open Firefox.
2. Click on Tools, then click on Options.
3. In the Options dialog box, click the Security button at the top. In the Passwords box, click Saved Passwords.
4. The Saved Passwords dialog box lists each site for which you have saved your username and password, and displays the usernames. The passwords are hidden by default. To view the passwords, click Show Passwords.
5. My suggestion is that you always set a master password so that nobody can steal your credentials. To set a master password, just check the box that says "Use a master password" and then set your master password.

See Stored Password in Google Chrome

Google Chrome provides a more feature-rich password-saving feature than Internet Explorer does, as well as an auto fill feature that can also keep track of your credit card details. But while these can be great time-saving features, they also pose more security risks.
Chrome lets you (or a thief, for that matter) see your saved login credentials. Just follow these steps:
1. Open the Chrome browser.
2. In the address bar, type "chrome://settings/passwords" without quotes.
3. Now click on the Show button and you will see the stored passwords.

Blue Screen Of Death



These kinds of problems are very frustrating and mainly occur after you update your BIOS or install a malicious program.
To solve this issue, follow these steps:
1. Open the BIOS setup by pressing F2 (the key varies from laptop to laptop) when your computer restarts.
2. Now go to the Configuration tab and select SATA Controller Mode.
3. Check which option is enabled. Your options may be named differently, such as Native and IDE, but don't worry.
4. Always select the option opposite to the one currently enabled.
5. Now press F10 (save and exit).

Breaking Windows 2000/2003/XP/Vista/7/8 Administrator Password


Changing the Windows login password without knowing the previous password.
Follow these steps:
1. Open a command prompt in administrative mode.