Tuesday, September 18, 2007

Heard about SQL Injection !!!

What is SQL Injection?
SQL Injection is one of the many web attack mechanisms, and one through which organizations' data is stolen by attackers. It is an application layer attack technique that is widely used today. It takes advantage of faulty coding in web applications that lets an attacker inject SQL commands into, say, a login form, so that the injected commands run against your database and give access to the data held within it.

SQL Injection is a hacking technique that attempts to pass SQL commands (statements) through a web application for execution by the backend database. If not guarded properly, web applications are open to SQL Injection attacks that allow hackers to view information from the database and/or even wipe it out.

A simple instance:
Take, for instance, a simple login page where a valid user enters his username and password to view his personal details or post his comments in a forum.
What actually happens when the legitimate user submits his details: once the user inputs the data, an SQL query is generated from these details and submitted to the database for verification. If a match is found, the user is allowed access. In other words, the web application that controls the login page communicates with the database through a series of pre-defined commands so as to verify the username and password combination. On verification, the legitimate user is granted the appropriate access.


Through SQL Injection, the hacker may input specially crafted SQL fragments with the intent of bypassing the login form and seeing what lies behind it. This is only possible if the inputs are concatenated directly into the SQL query text that is sent to the database. Note that "sanitising" the input (escaping quotes, filtering keywords) does not by itself make the query invulnerable; the reliable fix is to keep user input out of the query structure altogether by using parameterised (prepared) statements. SQL Injection vulnerabilities provide the means for a hacker to communicate directly with the database.
The impact of SQL Injection can include the following:

An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. Depending on the back-end database in use, and on the privileges of the account the application connects with, SQL injection vulnerabilities may lead to varying levels of data/system access for the attacker. It may also be possible to manipulate existing queries, to UNION in arbitrary data (UNION combines the result rows of two queries, so the attacker can append rows from a table of his choosing to the rows the application meant to return), use subselects, or append additional queries.
Thus, if an attacker can obtain access to your database, it could spell disaster.

Unfortunately, the impact of SQL Injection is often uncovered only when the theft is discovered.......
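The login bypass and the UNION trick described above, as a worked example added here (this is not code from the original post): a small Python script that builds the login query by string concatenation next to the parameterised version, and runs both injection payloads against an in-memory SQLite database. The table, column names and the two user rows are made up for the example, and SQLite's own sqlite_master catalogue stands in as the "other table" the UNION pulls from.

```python
# Added example (not code from the original post): the login query built by
# string concatenation next to its parameterised form, run against an
# in-memory SQLite database with constructed sample users.
import sqlite3


def make_db():
    """Create a throwaway SQLite database with two constructed user rows.

    Passwords are stored in plaintext only to keep the example short; real
    applications must store salted password hashes.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users ("
        "id INTEGER PRIMARY KEY, username TEXT, password TEXT, card TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, card) VALUES (?, ?, ?)",
        [("alice", "s3cret", "4111-1111-1111-1111"),
         ("bob", "hunter2", "5500-0000-0000-0004")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """The faulty pattern: the user's input becomes part of the SQL text.

    Whatever the user types is parsed by the database as SQL, so quotes and
    keywords in the input change the structure of the query.
    """
    query = (
        "SELECT username, card FROM users "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    return conn.execute(query).fetchall()


def login_safe(conn, username, password):
    """The fix: the query text is fixed; input travels separately as parameters.

    The database never parses the input as SQL, so a quote in a username is
    just a character in a value to compare against.
    """
    query = "SELECT username, card FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


# Two injection payloads of the kinds the post describes (constructed here).
# 1. Login bypass: closes the password literal and appends an always-true OR,
#    so the WHERE clause matches every row.
BYPASS_PASSWORD = "' OR '1'='1"
# 2. UNION: the first SELECT matches no user, then rows from the schema
#    catalogue (object names and their CREATE statements) are appended;
#    "--" comments out the remainder of the original query.
UNION_USERNAME = "' UNION SELECT name, sql FROM sqlite_master --"


def demo():
    """Run a real login and both payloads through both functions."""
    conn = make_db()
    return {
        "honest_login": login_vulnerable(conn, "alice", "s3cret"),
        "bypass_vulnerable": login_vulnerable(conn, "anyone", BYPASS_PASSWORD),
        "bypass_safe": login_safe(conn, "anyone", BYPASS_PASSWORD),
        "union_vulnerable": login_vulnerable(conn, UNION_USERNAME, "x"),
        "union_safe": login_safe(conn, UNION_USERNAME, "x"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

Run it with python3 and compare the pairs: the concatenated query hands back both users' card numbers for the bypass payload and the users table's CREATE statement for the UNION payload, while the parameterised query returns nothing for either, because the payload is compared as a literal username or password. On MySQL or PostgreSQL the catalogue lives in information_schema rather than sqlite_master, but the parameterised version behaves the same on every engine.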


Sunday, June 24, 2007

If.............

"If"
If you can keep your head when all about you
Are losing theirs and blaming it on you,
If you can trust yourself when all men doubt you,
But make allowance for their doubting too;
If you can wait and not be tired by waiting,
Or being lied about, don't deal in lies,
Or being hated, don't give way to hating,
And yet don't look too good, nor talk too wise:
If you can dream - and not make dreams your master,
If you can think - and not make thoughts your aim;
If you can meet with Triumph and Disaster
And treat those two impostors just the same;
If you can bear to hear the truth you've spoken
Twisted by knaves to make a trap for fools,
Or watch the things you gave your life to, broken,
And stoop and build 'em up with worn-out tools:
If you can make one heap of all your winnings
And risk it all on one turn of pitch-and-toss,
And lose, and start again at your beginnings
And never breathe a word about your loss;
If you can force your heart and nerve and sinew
To serve your turn long after they are gone,
And so hold on when there is nothing in you
Except the Will which says to them: "Hold on!"
If you can talk with crowds and keep your virtue,
Or walk with kings - nor lose the common touch,
If neither foes nor loving friends can hurt you,
If all men count with you, but none too much;
If you can fill the unforgiving minute
With sixty seconds' worth of distance run,
Yours is the Earth and everything that's in it,
And - which is more - you'll be a Man, my son!
-----Rudyard Kipling

Sunday, June 10, 2007

Want to Hide yourself???

Do you want your Linux box not to respond to ping requests?
Here is how to do it (all of the following needs root)....

Check the current value of /proc/sys/net/ipv4/icmp_echo_ignore_all (0 means echo requests are answered):
i.e. cat /proc/sys/net/ipv4/icmp_echo_ignore_all
Now, replace the current value with 1

i.e. echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

Now, try to ping your system from a different system... Are you getting any response?
Reboot your system, and your current setting is lost (the default is reverted.. i.e. ping is answered again.)

Want to make this permanent?
Make the following entry in /etc/sysctl.conf
net.ipv4.icmp_echo_ignore_all=1

Now, run the following command to make the change effective...
sysctl -p


You are hidden from ping!!! (From ping only, mind you: this sysctl drops ICMP echo requests and nothing else. The box still answers ARP on the local segment and still responds on every open TCP/UDP port, so a port scan such as nmap -Pn will find it just the same.)

Monday, June 4, 2007

Shell Script

# Creating 50 users through a small script and setting their password as "password"
# Run as root. passwd --stdin is specific to Red Hat / Fedora based distributions;
# on other distributions use chpasswd instead:  echo "user$x:password" | chpasswd
for x in {1..50}
do
    useradd user$x
    echo "password" | passwd --stdin user$x
    # chage -d 0 user$x   # optional: force each user to change the shared password at first login
done

Sunday, June 3, 2007

Computer guys are not Nerds

A Software Engineer talking to his Wife

Husband : (Returning late from work) "Good evening dear, I am now logged in"
Wife : Have you brought the ring ?
Husband : Bad command or Filename.
Wife : But I told you in the morning ...
Husband : Erroneous syntax. Abort ?
Wife : What about my new dress ?
Husband : Variable not found ...
Wife : At least, give me your credit card, I want to do some shopping.
Husband : Sharing violation. Access denied ...
Wife : Do you love me or do you love only computers or are you just being funny ?
Husband : Too many parameters. Press any key ...
Wife : Oh God ! I made a grave mistake that I married an idiot like you.
Husband : Data type mismatch.
Wife : You are a useless nut.
Husband : It's by default.
Wife : What about your salary ?
Husband : File in use ...
Wife : Who was the girl in the car this morning ?
Husband : System is unstable. Press CTRL + ALT + DEL to Reboot.
Courtesy: Express Computers ......(date can't remember)

Saturday, June 2, 2007

Tux or the Linux penguin??

Yeah..... Both refer to the "Penguin", the Linux logo. But why this logo?
In the beginning, sometime in early 1996, there was talk on the linux-kernel mailing list about a suitable logo/mascot for Linux. Suggestions flooded in; many of them were parodies of other operating systems' logos, or strong, noble beasts such as sharks or eagles. At some point Linus Torvalds (the father of Linux) casually mentioned that he was rather fond of penguins.... and so there you are..