Friday, 24 January 2014

Various ways of Hacking a Website - Part1

In this post we are going to see some of the Hacking techniques that normally hackers use to hack a sites.
In the techniques we are going to see first the Injection model. In which hacker can get the private data from the computer. Now recently most of the big companies are hacked by hackers.

Injection Hacking :
   
What is Injection Hacking ?
    Injection hacking mean, inject the additional code to the system to run and get the private data of the user.
Let we some sample now, let we take an example of  display of mark details whenever user send his or her registration number.

Normally the data are stored in database, to retrieve the data what they used in the coding is

Select Mark1,Mark2, Mark3 From Subject where registerno = '"+Request.Form["reg"]+"';

when user gives the input of register number "R1001" it is sends to the server and replace in the place of Request.QueryString["reg"] so finally query become

Select Mark1,
           Mark2, 
           Mark3 
From Subject 
where registerno = 'R1001',

Now the details R1001  marks list Mark1,Mark2, Mark3 is displayed in the screen.

Now this website is going to hack using the Sql Injection Technique.instead of sending the register no end user send the data of      ‘ or ’1′=’1

What will happen is instead of single record now user can able to see the all records present in that table


How it is happen ? 
At the sql server engine now query becomes

Select Mark1,
           Mark2, 
           Mark3 
From Subject 
where registerno = '' or '1'='1'

It will select the three marks from the subject table when register no is empty or '1'=1 when the condition '1'=1 means True, due to the or condition presents either any one true then the current record will fetch so now query becomes true for all records , because of the sql injection the hackers can see the private data from the website.



From this post i hope you can learn some basics of Sql Injection Hacking.


No comments:

Post a Comment