Hacking For Beginners – Manthan Desai
2010
• A SQL injection attack exploits vulnerabilities in a web server database that allow the attacker to gain access to thedatabase and read, modify, or delete information.• An example of a SQL injection attack is making the condition true by giving the identical value to a web page. Thesevalues can be inserted into a login as follows:
• Login: 1' or '1'='1 and Password= 1' or '1'='1• Login: 1' or '1'='1';--
• When the Username argument is evaluated, ‘1’=’1’ will assess to TRUE, and an authentic username will be returned.
The Systametic Execution of SQL injection is explained in the image below.
Input validation on the SQL Injection
• There are measures that can be applied to mitigate SQL injection attacks.
• Web developer can check whether some suspicious characters are sent from the Login Page like ‘ , “ , ; , -- , etc
• Always store the Passwords in the Database server in the Encrypted Form.
• Use of these practices does not guarantee that SQL injection can be completely eliminated, but they will make it moredifficult for Hackers to conduct these attacks.
www.hackingtech.co.tv
Page 59