Blog

Python 3.7 And 2.7 Installation Steps On Windows 10

Changing python default versions on fedora 27?

Python websockets installation is failed on fedora linux

Network Basics

Document Clustering

Clustering Techniques

SQL Injection and Prevention Techniques

Google Form Intro and App Scripts

Download in Youtube using Youtube-dl commands

Java Network Launch Protocol File Launch Issue

javaws command is not working

Forcing Website with HTTPS instead of HTTP

Cricket Scores API's

Design Patterns

IIS Installation and Configuration on Windows 10

Unable to start debugging on the web server (IIS Error Code 405)

Google Chrome Installation on Fedora 26, CentOS / RHEL 7.4

Install Fedora 26 On Virtual Machine Using VirtualBox in Windows 10

Using screen command in fedora 25

Java JDK 1.8 Installation Steps On Windows 10

Enable Permanent SSH Access on Linux

C Program Undefined Reference Error

Curl error and couldn't resolve hostname fedora mirrors

Installing Android Studio in Windows 10

Resetting Root password on Fedora 26

Installing visual studio code editor steps for fedora 27 / centos 7 / RHEL 7

Java JNI Error UnsupportedClassVersionError in Windows 10

Install virt-customize in RHEL 8

Updating qcow2 image in RHEL 8

Remove the files from dir in another dir

Install virtualenv in RHEL 7

Install Scapy in RHEL 7

SQL ACID properties

SQL Injection



  • SQL injection is a code injection technique and one of the most common web attack classes.
  • It exploits a vulnerability in how the application builds its queries; depending on what the database account is allowed to do, the attacker can read, modify or destroy data.
  • It targets user-controlled input that the web page concatenates into SQL statements. A typical login query built from the two form fields looks like this:
                   SELECT * FROM `login` WHERE `user`='test_user' AND `pass`='test_passwd'
    
                    
  • If the user enters ' OR 'a'='a in both fields, the query becomes
                        SELECT * FROM `login` WHERE `user`='' OR 'a'='a' AND `pass`='' OR 'a'='a' 
                         // 'a'='a' is always true. AND binds tighter than OR, but the trailing OR 'a'='a' makes the whole WHERE clause true for every row, so this query returns all the records from the login table and the login check is bypassed.
                        
                        SELECT * FROM `login` WHERE `user`=''; DROP TABLE `login`; --' AND `pass`=''
                        // The username '; DROP TABLE `login`; -- closes the string, appends a DROP statement and comments out the rest of the original query. This "stacked query" only runs if the database driver executes multiple statements per call and the application's database account has DROP privileges. (In MySQL the comment marker needs a trailing space, "-- ", or use "#".)
                       
  • Prevention:
    • Use parameterized queries (prepared statements) so that user input is passed as data and is never parsed as SQL. This is the primary defence; the points below are defence in depth.
    • Validate input against an allow-list, e.g. accept only letters and digits in the username field. Do not restrict the characters of the password field this way; rely on parameterization there and check length instead.
    • Enforce the check SERVER SIDE. Client-side (JavaScript) validation is trivially bypassed by submitting the request directly.
    • If you must build SQL from strings, ESCAPE special characters: ' becomes \' in MySQL (standard SQL doubles it to ''). Escaping rules are database-specific and easy to get wrong, so this is no substitute for parameterization.
    • Run the application with a least-privilege database account: READ ONLY where the code only reads, and never an account that can DROP tables or alter the schema.
    • Remember this applies to every query that includes external input: NOT just login areas, and NOT just websites.
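The two payloads above and the prevention list, worked as an added example that is not part of the original page. It uses an in-memory SQLite database (via Python's standard sqlite3 module) standing in for the page's `login` table; the table rows, the function names and the allow-list pattern are constructed for this example. The vulnerable function concatenates the form fields exactly as the page's query does; the hardened one binds parameters. The last function shows that whether the DROP payload actually executes depends on the driver: sqlite3's execute() refuses stacked statements, while executescript() runs them. Because the password field is the last thing interpolated, that demo balances the quotes with a harmless SELECT ' instead of commenting out the tail as the page's payload does.

```python
import re
import sqlite3

# Constructed sample data for this example; not from the original page.
SAMPLE_ROWS = [("test_user", "test_passwd"), ("admin", "s3cret")]

# Payloads from the page (first two) and the quote-balancing variant (third).
TAUTOLOGY = "' OR 'a'='a"
DROP_WITH_COMMENT = "'; DROP TABLE login; --"
DROP_WITH_SELECT = "'; DROP TABLE login; SELECT '"


def make_db():
    """Create the sample `login` table with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE login (user TEXT, pass TEXT)")
    conn.executemany("INSERT INTO login VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def login_vulnerable(conn, user, pw):
    """Concatenate the form fields into the query: the input is parsed as SQL."""
    sql = f"SELECT * FROM login WHERE user='{user}' AND pass='{pw}'"
    return conn.execute(sql).fetchall()


def login_parameterized(conn, user, pw):
    """Same query with bound parameters: the input is only ever treated as data."""
    sql = "SELECT * FROM login WHERE user=? AND pass=?"
    return conn.execute(sql, (user, pw)).fetchall()


def table_exists(conn, name):
    """True if a table called `name` still exists in the database."""
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name=?", (name,)
    ).fetchone()
    return row is not None


def stacked_query_rejected(conn, user, pw):
    """Run the concatenated query through sqlite3's single-statement execute().

    Returns True if the driver refused the stacked query. Older Python versions
    raise sqlite3.Warning here, newer ones sqlite3.ProgrammingError.
    """
    sql = f"SELECT * FROM login WHERE user='{user}' AND pass='{pw}'"
    try:
        conn.execute(sql)
    except (sqlite3.ProgrammingError, sqlite3.Warning):
        return True
    return False


def login_vulnerable_multistatement(conn, user, pw):
    """The same concatenation through an API that runs several statements
    (sqlite3's executescript). Returns whether `login` survived the request."""
    sql = f"SELECT * FROM login WHERE user='{user}' AND pass='{pw}'"
    conn.executescript(sql)
    return table_exists(conn, "login")


def valid_username(user):
    """Server-side allow-list: letters, digits and underscore, 1 to 32 characters."""
    return re.fullmatch(r"[A-Za-z0-9_]{1,32}", user) is not None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, tautology in both fields:",
          login_vulnerable(db, TAUTOLOGY, TAUTOLOGY))
    print("parameterized, same input:",
          login_parameterized(db, TAUTOLOGY, TAUTOLOGY))
    print("allow-list accepts the payload:", valid_username(TAUTOLOGY))
    print("execute() rejects the stacked query:",
          stacked_query_rejected(db, DROP_WITH_COMMENT, ""))
    print("login table survives executescript():",
          login_vulnerable_multistatement(make_db(), "test_user", DROP_WITH_SELECT))
```

The tautology returns every row from the concatenated query and nothing from the parameterized one, because the bound value is compared as the literal string ' OR 'a'='a. The allow-list rejects both payloads, but it is the parameter binding that makes the query safe for inputs the pattern cannot cover, such as a password.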


Privacy Policy  |  Copyright © 2020 - All Rights Reserved.  |  Contact us   |  Report website issues in Github   |  Facebook page   |  Google+ page
