I am posting what I think is the best tutorial for starters.
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.
Forms of vulnerability:

1> Incorrectly filtered escape characters

This form of SQL injection occurs when user input is not filtered for escape characters and is then passed into an SQL statement.

Let us understand this with an example:

statement = "SELECT * FROM users WHERE name = '" + userName + "';"

Now set the "userName" variable to:

a' OR 't'='t

The statement then becomes:

SELECT * FROM users WHERE name = 'a' OR 't'='t';

Because 't'='t' is always true, the WHERE clause matches every row, which bypasses the check the existing SQL string was meant to perform. The same flaw can also be used for multiple statement execution. For example, with the input:

a';DROP TABLE users; SELECT * FROM data WHERE name LIKE '%

the statement becomes:

SELECT * FROM users WHERE name = 'a';DROP TABLE users; SELECT * FROM data WHERE name LIKE '%';

2> Incorrect type handling

This form of SQL injection occurs when a user-supplied field is not strongly typed or is not checked for type constraints.

For example:

statement := "SELECT * FROM data WHERE id = " + a_variable + ";"

Setting a_variable to 1;DROP TABLE users causes the SQL to be rendered as follows:

SELECT * FROM data WHERE id = 1;DROP TABLE users;
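
Added example (not part of the original post): the concatenated query from form 1 beside a parameterized version, and a type-checked lookup for form 2, run against an in-memory SQLite database. The function names and table contents are assumptions made for illustration; the two input strings are the ones used in the post.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    db.execute("CREATE TABLE data (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO data VALUES (?, ?)", [(1, "one"), (2, "two")])
    return db

def find_user_concat(db, user_name):
    # Form 1 as written in the post: the input becomes part of the SQL text.
    statement = "SELECT * FROM users WHERE name = '" + user_name + "';"
    return db.execute(statement).fetchall()

def find_user_param(db, user_name):
    # Hardened: the driver binds user_name as a value, never as SQL text,
    # so quotes inside it cannot close the string literal.
    return db.execute(
        "SELECT * FROM users WHERE name = ?", (user_name,)
    ).fetchall()

def find_data_by_id(db, a_variable):
    # Form 2 hardened: enforce the numeric type first, then bind the value.
    try:
        row_id = int(a_variable)
    except (TypeError, ValueError):
        raise ValueError("id must be an integer") from None
    return db.execute("SELECT * FROM data WHERE id = ?", (row_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    value = "a' OR 't'='t"  # input string from the post
    print("concatenated :", find_user_concat(db, value))  # every row matches
    print("parameterized:", find_user_param(db, value))   # no such name
    print("typed id     :", find_data_by_id(db, "1"))
    try:
        find_data_by_id(db, "1;DROP TABLE users")  # input string from the post
    except ValueError as err:
        print("rejected     :", err)
```

With binding, the whole input is compared as a literal name, and the non-numeric id is refused before any SQL is built.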