When we talk about SQL injection, the first expression that flashes into our minds is
' OR '1'='1
What exactly is this? SQL users would tell you in a second. Let us understand it through an example:
http://www.whatever.com/books.php?val=100
This request returns the names or descriptions of the books priced below 100 (dollars or rupees, it depends 🙂).
Let us alter this URL:
http://www.whatever.com/books.php?val=100' OR '1'='1
This URL makes the script run the following query on the database:
SELECT *
FROM books
WHERE PRICE<'100' OR '1'='1'
This query returns the name and description of every book regardless of its price. Why?
Because the single quote in our input closes the script's '100' string early, and the closing quote the script appends itself lands after the injected 1, so the WHERE clause becomes PRICE<'100' OR '1'='1'. The expression '1'='1' is always true, and an OR with an always-true operand is always true, so the price limit no longer filters anything and all the books get selected.
So SQL injection is an attack in which SQL syntax is inserted, by hand or with a tool, into input parameters, and the resulting statement is executed by the back-end SQL server.
The user input is accepted by a script written in a language such as PHP, ASP or JSP; the script builds a SQL statement dynamically from that input (typically by concatenating it into the query text) and sends it to the back-end database server, which executes it and returns the results.
Attackers commonly use SQL injection to exploit web applications, extract sensitive information, and create back doors into systems without the administrator's knowledge.
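To make the mechanics above concrete, here is an added example that is not part of the original post and not the books.php script it describes. It uses Python with an in-memory SQLite table standing in for the PHP script and its database; the table contents and the function names (vulnerable_lookup, bound_without_validation, hardened_lookup) are assumptions made for the illustration. It shows the concatenated query returning every row for the post's payload, and a version that validates the parameter type and binds it instead of splicing it into the SQL text.

```python
import sqlite3

# Constructed sample catalogue (not data from the original post).
BOOKS = [
    ("Intro to SQL", 50),
    ("Web App Security", 100),
    ("Applied Cryptography", 250),
]

# The payload from the post, exactly as it arrives in the val parameter.
PAYLOAD = "100' OR '1'='1"


def make_db():
    """Build an in-memory books table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE books (title TEXT, price INTEGER)")
    conn.executemany("INSERT INTO books VALUES (?, ?)", BOOKS)
    return conn


def vulnerable_lookup(conn, val):
    """Mirror the books.php pattern: the raw parameter is spliced into the SQL text."""
    query = f"SELECT title FROM books WHERE price < '{val}'"
    # With PAYLOAD the statement becomes: ... WHERE price < '100' OR '1'='1'
    return [row[0] for row in conn.execute(query)]


def bound_without_validation(conn, val):
    """Bind the parameter but skip type validation (still wrong, see the note below)."""
    rows = conn.execute("SELECT title FROM books WHERE price < ?", (val,))
    return [row[0] for row in rows]


def hardened_lookup(conn, val):
    """Validate the expected type, then bind it: the payload never reaches the SQL parser."""
    try:
        price = int(val)
    except ValueError:
        raise ValueError("val must be an integer price") from None
    rows = conn.execute("SELECT title FROM books WHERE price < ?", (price,))
    return [row[0] for row in rows]


def demo():
    """Run each variant against a benign value and against the injection payload."""
    conn = make_db()
    results = {
        "vuln_benign": vulnerable_lookup(conn, "100"),
        "vuln_payload": vulnerable_lookup(conn, PAYLOAD),
        "bound_payload": bound_without_validation(conn, PAYLOAD),
        "hardened_benign": hardened_lookup(conn, "100"),
    }
    try:
        hardened_lookup(conn, PAYLOAD)
        results["hardened_payload"] = "accepted"
    except ValueError:
        results["hardened_payload"] = "rejected"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The concatenated query returns only the 50-unit book for val=100 and all three books for the payload, exactly as the post describes. The bound-but-unvalidated variant is included as a caveat: binding keeps the payload out of the SQL grammar, so no injection happens, but SQLite sorts every number below every text value, so price < 'some text' is still true for every row and all three books come back anyway. Other engines behave differently (MySQL, for instance, would coerce the string to its leading number), which is why the hardened version rejects anything that is not an integer before it binds.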
I hacked a Canadian website two days ago (I would not name it); I used SQL injection to get the admin login. The webmaster has been notified, and as soon as he does the upgrade I will present you the original video. Till then, see the same video, blurred in a few places to keep security in mind.
I have hacked many websites, including government websites, but the webmasters have been notified and have been requested to do the upgrade. I felt like uploading all those videos, but then I would surely have been in deep shit.
Okay, wait for the next post with some more details and defenses.
Well buddy, it helps me...
Thanks.