SQL Injection

When we talk about SQL injection, the first expression that comes to mind is

' OR '1'='1

What exactly is this? SQL users would tell you in a second. Let us understand it through an example:

http://www.whatever.com/books.php?val=100

This request returns the description or the name of the books that have a price of 100 ($ or INR, it depends 🙂).

Let us alter this URL:

http://www.whatever.com/books.php?val=100' OR '1'='1

This URL executes this query on the database:

SELECT *
FROM books
WHERE PRICE<'100' OR '1'='1'

This query returns the name and description of all the books regardless of their price. Why?

Because of OR '1'='1': this expression is always true, so every row matches and all the books get selected despite the price limit mentioned in the query.

So, SQL injection is an attack in which SQL code is inserted, manually or automatically, into input parameters and then gets executed on a back-end SQL server.

User input is accepted by a script written in a programming language such as PHP, ASP or JSP; this script runs and dynamically builds a SQL statement from that input, which is executed on the back-end database server, and information is extracted.
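The books.php lookup above, reproduced as an added example (not code from the original post) against a constructed in-memory SQLite table: the vulnerable version pastes the val parameter into the SQL text exactly as described, while the hardened version validates the type and binds the value as a parameter, so the same ' OR '1'='1 input can never become part of the statement. Function names, the sample rows and the price column are assumptions for the demo.

```python
import sqlite3

# Constructed sample catalogue standing in for the page's "books" table.
SAMPLE_BOOKS = [("Intro to SQL", 80), ("Databases 101", 100), ("Crypto Basics", 250)]


def make_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE books (name TEXT, price INTEGER)")
    conn.executemany("INSERT INTO books VALUES (?, ?)", SAMPLE_BOOKS)
    return conn


def books_under_vulnerable(conn, val):
    """Mirror of the page's books.php: the request parameter is concatenated
    into the SQL text, so quotes and keywords in it are parsed as SQL."""
    sql = "SELECT name FROM books WHERE price<'" + val + "' ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def books_under_safe(conn, val):
    """Hardened form: reject anything that is not an integer, then hand the
    value to the driver as a bound parameter. The SQL text stays fixed and the
    value travels separately, so it is never interpreted as SQL."""
    try:
        limit = int(val)
    except ValueError:
        raise ValueError("price must be an integer") from None
    sql = "SELECT name FROM books WHERE price<? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (limit,))]


if __name__ == "__main__":
    db = make_db()
    injected = "100' OR '1'='1"  # the page's payload, as it arrives from the URL
    print(books_under_vulnerable(db, "100"))     # only the book priced below 100
    print(books_under_vulnerable(db, injected))  # every book: OR '1'='1' is always true
    print(books_under_safe(db, "100"))           # same honest result as above
    try:
        books_under_safe(db, injected)
    except ValueError as err:
        print("rejected:", err)                  # the payload never reaches the database
```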

Usually, hackers use SQL injection to exploit web applications, create back doors into systems without the knowledge of the admin, and carry on extracting sensitive information.

I hacked a Canadian website 2 days ago (I would not name it); I used SQL injection to get the admin login. The webmaster has been notified, and as soon as he does the upgrade I will present you the original video. Till then, see the same video, blurred at a few places keeping security in concern.

I have hacked many websites, including government websites, but the webmasters have been notified and have been requested to do the upgrade. I felt like uploading all those videos, but then I would surely have been in deep shit.

Okay, wait for the next post with some more details and defense.
