How To Hack Website SQL INJECTION

-Author Rishi Malve

What is SQL?
SQL stands for Structured Query Language SQL can: – execute queries against a database – retrieve data from a database – insert new records in a database – delete records from a database – update records in a database

-Author Rishi Malve

SQL is a Standard - but...
There are many different versions of the SQL language They support the same major keywords in a similar manner (such as SELECT, UPDATE, DELETE, INSERT, WHERE, and many more).

-Author Rishi Malve

SQL Database Tables
A relational database contains one or more tables identified each by a name Tables contain records (rows) with data For example, the following table is called "users" and contains data distributed in rows and columns:
userID Name LastName Login Password

1 2 3

Angel Ashwini sumit

…… …… ……

angel143 ash codebreaker

princess barbie h4ck3r

RDBMS:
Almost all SQL databases are based on the RDBM (Relational Database Model) One important fact for SQL Injection
– Amongst Codd's 12 rules for a Truly Relational Database System:
4. Metadata (data about the database) must be stored in the database just as regular data is. (For reference THE E.F codd’s rules are given in MSBTE 2nd year diploma IT book.)

– Therefore, database structure can also be read and altered with SQL queries

What is SQL Injection?
The ability to inject SQL commands or strings into the database engine through an existing application is known as SQL injection.
-Author Rishi Malve

• How to find sites vulnerable to SQL injections. • To find vulnerabilities magical coat is used • As It closes the string parameter

The MAGICAL COAT '
-Author Rishi Malve

How Does SQL injection works?
Common vulnerable login query
SELECT * FROM users WHERE login = ‘rishikesh' AND password = ‘sumit'

(If it returns something then login!) ASP/MS SQL Server login syntax
var sql = "SELECT * FROM users WHERE login = '" + formusr + "' AND password = '" + formpwd + "'";

-Author Rishi Malve

PIE DIAGRAM OF VULNERABLITIES IN INDIAN WEBSITES
VULNERABLITIES IN INDIAN WEBSITES

60% of INDIAN WEBSITES ARE VULNERABLE TO SQL INJECTION 30% are VULNERABLE TO ACUNTIX 10% ARE SECURED BUT WITH REGRETS

-Author Rishi Malve

• Sites hacked through SQL. • Only for Study use not to access it as per INDIAN CYBER LAWS

-Author Rishi Malve

NASA HACKED

THE DE-FACEMENT.

-Author Rishi Malve

WHAT DO WE MEAN BY DE-FACE
• Every webpage has a Index page i.e. front Page It is Known as the face of that Website • When a Hacker gains access in backend of any website he then changes the index page with some other page then the face of that page is DE-FACED.

-Author Rishi Malve

Thank you! For Queries : rishi.malve01@gmail.com rishi.malve01@Yahoo.com

Sign up to vote on this title
UsefulNot useful