Friday, 24 January 2014

Various ways of Hacking a Website - Part1

In this post we are going to see some of the Hacking techniques that normally hackers use to hack a sites.
In the techniques we are going to see first the Injection model. In which hacker can get the private data from the computer. Now recently most of the big companies are hacked by hackers.

Injection Hacking :
   
What is Injection Hacking ?
    Injection hacking mean, inject the additional code to the system to run and get the private data of the user.
Let we some sample now, let we take an example of  display of mark details whenever user send his or her registration number.

Normally the data are stored in database, to retrieve the data what they used in the coding is

Select Mark1,Mark2, Mark3 From Subject where registerno = '"+Request.Form["reg"]+"';

when user gives the input of register number "R1001" it is sends to the server and replace in the place of Request.QueryString["reg"] so finally query become

Select Mark1,
           Mark2, 
           Mark3 
From Subject 
where registerno = 'R1001',

Now the details R1001  marks list Mark1,Mark2, Mark3 is displayed in the screen.

Now this website is going to hack using the Sql Injection Technique.instead of sending the register no end user send the data of      ‘ or ’1′=’1

What will happen is instead of single record now user can able to see the all records present in that table


How it is happen ? 
At the sql server engine now query becomes

Select Mark1,
           Mark2, 
           Mark3 
From Subject 
where registerno = '' or '1'='1'

It will select the three marks from the subject table when register no is empty or '1'=1 when the condition '1'=1 means True, due to the or condition presents either any one true then the current record will fetch so now query becomes true for all records , because of the sql injection the hackers can see the private data from the website.



From this post i hope you can learn some basics of Sql Injection Hacking.


Wednesday, 22 January 2014

Caching in Asp.Net

                 In this article we are going to see the topic about caching, caching is a technique to store the user request page in the server memory as rendered output html, so when ever user request that particular page, it doesn't generate or rendered the page ,it returns the output of the page from the memory. It is used to Improve the performance of the application.

To cache a webform use the @OutputCache page directive in the page. Duration attribute to specify how many seconds that page would cache.


Now let we take a sample that the default page is cached for 10 seconds and make the user to enter the value in the textbox and in the response it will return back the input typed in the textbox. For example if i submit a value of 2 and submit the form the return value is : Sample Caching Value:- 2





When the user the reenter the value as 3 in the textbox with in the 10 seconds and submit the page, it will return the same page which is cached in server memory.so again it will return the page of value with 2 not 3, because the page with value 2 is cached in server memory for 10 seconds.



After the submit .



Code:

<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Default.aspx.cs" Inherits="SampleWebApp._Default" %>
<%@ OutputCache Duration="20" VaryByParam="None" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    <div>  
    Testing Caching !   
    <br/ />   
        <br />
        <br />
    Id :- <asp:TextBox runat="server" ID="id"></asp:TextBox>
    <br />   
    <asp:Button runat="server" ID="submit" onclick="submit_Click" Text="Submit" />
    <br />  
        <br />
    <br/ />
     <asp:Label ID="display" runat="server"></asp:Label>
    </div>
    </form>
</body>
</html>



using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Diagnostics;

namespace SampleWebApp
{
    public partial class _Default : System.Web.UI.Page
    {
        private string DbLoad()
        {
            System.Threading.Thread.Sleep(10000);
            return "Sample Caching";
        }

        protected void Page_Load(object sender, EventArgs e)
        {
       
        }

        protected void submit_Click(object sender, EventArgs e)
        {
            Stopwatch watch = Stopwatch.StartNew();
            watch.Start();
            string value = DbLoad();
            display.Text = value + ", Value :-" + id.Text;
        }
    }
}


After the 10 seconds, if the user enters the value as 3 then it will return the value in the response is 3.

From this article you can see what is output cache and there usage in the asp.net