What is SQL Injection?
Simply put, SQL injection is a code injection technique that might destroy your database, and it is one of the most common web hacking techniques.
In other terms, SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
Now let's see how someone could log in to a website without ever having signed up.
A person trying to log in to a site without signing up can enter the following value in both the username and password text boxes. SQL injection can be performed with this value to bypass authentication:
" or ""="
It works like this: the code at the server concatenates the two values into the query text and ends up with a valid SQL statement, as follows:
SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""
Because the condition ""="" is always true, the WHERE clause matches every row in Users, so the login check passes without valid credentials.
What should we do to prevent SQL Injection?
To prevent SQL Injection, we need to avoid building queries dynamically from user input and use prepared (parameterized) statements in the code.
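The following is an added example, not code from the original post: the same login query built dynamically and then as a prepared statement, using Python's sqlite3 module with an in-memory database. The function names and the sample row are assumptions, and the bypass value is written with single quotes because that is SQLite's string delimiter.

```python
import sqlite3

def make_db():
    """Constructed sample data; table and column names follow the page's query."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (Name TEXT, Pass TEXT)")
    # Plaintext password only to mirror the page's query; real systems store hashes.
    db.execute("INSERT INTO Users VALUES (?, ?)", ("alice", "s3cret"))
    return db

def login_dynamic(db, name, password):
    """Vulnerable: user input is concatenated into the SQL text itself."""
    sql = ("SELECT * FROM Users WHERE Name ='" + name +
           "' AND Pass ='" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_prepared(db, name, password):
    """Hardened: the SQL text is fixed and the inputs are bound as data."""
    sql = "SELECT * FROM Users WHERE Name = ? AND Pass = ?"
    return db.execute(sql, (name, password)).fetchone() is not None

# The page's bypass value, adapted to single-quote delimiters (assumption).
BYPASS = "' or ''='"

if __name__ == "__main__":
    db = make_db()
    for fn in (login_dynamic, login_prepared):
        print(fn.__name__,
              "| valid login:", fn(db, "alice", "s3cret"),
              "| bypass value:", fn(db, BYPASS, BYPASS))
```

With the prepared statement the bypass value is compared as an ordinary string against the Name and Pass columns, so it matches no row.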