Friday, April 15, 2011

SQL INJECTION

  • It is a technique that exploits a security vulnerability occurring in the database layer of an application (generally SQL, MySQL).
  • The vulnerability is present when user input is incorrectly filtered, or when escape characters such as % and -- are embedded in the SQL query. For example, the input 1'or'1'='1 makes the condition true in all cases, so the query is executed.
  • The attacker can try to guess the username of an account by querying for similar user names, like ad% for admin.
  • The attacker can insert data by appending commands or writing queries.
  • Generally, an SQL vulnerability is found on a site by using ' after the URL. If it shows an error like a Microsoft OLE DB error, then the site is vulnerable to SQL injection.
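
The points above, shown as an unfiltered query beside a parameterized one. This is an added example, not part of the original post; it uses Python's sqlite3 module, and the users table, its rows and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data for this example only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "s3cret"), ("alice", "wonderland")])
    return db


def login_concat(db, name, password):
    # Vulnerable form: user input is pasted into the SQL text, so quote
    # characters in the input change the structure of the query.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return [row[0] for row in db.execute(sql)]


def login_param(db, name, password):
    # Hardened form: placeholders keep the input as data, never as SQL
    # syntax, and '=' compares % literally instead of as a wildcard.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (name, password))]


def find_user_like(db, prefix):
    # When a prefix search is really needed, escape the LIKE wildcards
    # (% and _) in the input so they only match themselves.
    esc = (prefix.replace("\\", "\\\\")
                 .replace("%", "\\%")
                 .replace("_", "\\_"))
    sql = "SELECT name FROM users WHERE name LIKE ? ESCAPE '\\'"
    return [row[0] for row in db.execute(sql, (esc + "%",))]


if __name__ == "__main__":
    db = make_db()
    payload = "1'or'1'='1"  # the always-true input quoted in the post
    print("concatenated :", login_concat(db, "admin", payload))
    print("parameterized:", login_param(db, "admin", payload))
    print("LIKE, escaped:", find_user_like(db, "%"))
```

The concatenated query returns every row for the always-true input, while the parameterized query returns none and still accepts the correct password.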
