Monday, 10 September 2012

SQL injection attack

SQL injection is one of the oldest web attacks. I found it interesting, so here is a short description of it. It mainly affects web sites, and it exists because some user input reaches the database unchecked. When the attacker has no prior knowledge of the database, this is also called a blind attack. Below are a few examples.

1. General attack:
 Suppose you have to enter just one field in a text box, such as a password. Here is the attack.
Generally, whatever text we enter in the text box ends up in the WHERE clause of a SQL query.
Ex. Password : test123
In this case the query will look something like this:
SELECT * FROM member WHERE password = 'test123'
Now see how we can attack using SQL-like input. Instead of entering only a password, consider the following input:
Password : test123' OR 'X' = 'X
Now the query is formed like this:
SELECT * FROM member WHERE password = 'test123' OR 'X' = 'X'
Everything after the opening quote (test123' OR 'X' = 'X) is the user's input. It is accepted by the text field, but it should not be, because the OR clause is always true and the password check is bypassed.

2. Finding some user:
Now consider the case where we know an email address, and whatever data we enter into the text field is placed into the WHERE clause of a SELECT statement, like this:
SELECT * FROM members WHERE eaddr = 'Our_input'
In this case, consider the input:
email@xyz.com' OR full_name LIKE '%je%
Then the query becomes:
SELECT * FROM members WHERE eaddr = 'email@xyz.com' OR full_name LIKE '%je%'
Here it is assumed that the column name is known. After that, the LIKE pattern can be refined with % wildcards until it matches the exact user.
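To make both examples above concrete from the defender's side, here is an added example (not code from the original post) that builds the two queries the same way a vulnerable page would, runs them against a constructed in-memory SQLite table, and then shows the same lookups done with a parameterized query, where the quote characters in the input are treated as data rather than SQL syntax. The members table, its rows, and the function names are assumptions made for this demonstration.

```python
import sqlite3

# Constructed sample data (hypothetical table and rows, not from the original post).
SAMPLE_MEMBERS = [
    ("alice@example.com", "Alice Jensen", "s3cret"),
    ("bob@example.com", "Bob Lee", "hunter2"),
    ("carol@example.com", "Carol Jett", "pa55"),
]

# Only columns the application itself chooses may be interpolated into SQL text.
ALLOWED_COLUMNS = {"eaddr", "password"}


def make_db():
    """Create an in-memory members table and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (eaddr TEXT, full_name TEXT, password TEXT)")
    conn.executemany("INSERT INTO members VALUES (?, ?, ?)", SAMPLE_MEMBERS)
    return conn


def build_unsafe_query(column, value):
    """The vulnerable pattern from the post: user input is spliced into the WHERE clause."""
    if column not in ALLOWED_COLUMNS:
        raise ValueError("unexpected column")
    return "SELECT eaddr FROM members WHERE %s = '%s'" % (column, value)


def lookup_unsafe(conn, column, value):
    """Run the string-built query; a quote in the input changes the query's logic."""
    return [row[0] for row in conn.execute(build_unsafe_query(column, value))]


def lookup_safe(conn, column, value):
    """Parameterized version: the column is fixed by code, the value is bound separately.

    The driver never merges the value into the SQL text, so ' OR 'X' = 'X is just
    a literal string that matches no password.
    """
    if column not in ALLOWED_COLUMNS:
        raise ValueError("unexpected column")
    query = "SELECT eaddr FROM members WHERE %s = ?" % column
    return [row[0] for row in conn.execute(query, (value,))]


if __name__ == "__main__":
    db = make_db()
    tautology = "test123' OR 'X' = 'X"          # example 1 from the post
    name_probe = "email@xyz.com' OR full_name LIKE '%je%"  # example 2 from the post
    print("unsafe, example 1:", lookup_unsafe(db, "password", tautology))
    print("safe,   example 1:", lookup_safe(db, "password", tautology))
    print("unsafe, example 2:", lookup_unsafe(db, "eaddr", name_probe))
    print("safe,   example 2:", lookup_safe(db, "eaddr", name_probe))
    print("safe, real password:", lookup_safe(db, "password", "s3cret"))
```

Running the script shows the string-built query returning every member for the first input and the two members whose names contain "je" for the second, while the parameterized lookups return nothing for both and still find the correct member when given a real password. The ALLOWED_COLUMNS check matters because placeholders can only bind values, not identifiers, so a column name must never come from the user either.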

In this way you can work out different variations of the attack. But nowadays most web sites handle these kinds of attacks by validating input and using parameterized queries.
Enjoy this....
