we are fond of internet and today every person wants to create a secure website for his personal or professional use but we are aware of Website hacking which is a common practice these day !
Today i will explain some commonly known web hack which are used by group of hackers on
number of website because some developers cant follow the basic security rules to secure his data over the internet. I am explaining some to inform you and aware you about commonly known website hacking methods!
A: SQL Injection
-->Types
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
A: SQL Injection
--> LOGIN FORM BYPASSING
Here is an example of the vulnerable code that we can bypass very easily:
index.html file:
<form action="login.php" method="POST" />
<p>Password: <input type="text" name="pass" /><br />
<input type="submit" value="Authenticate" /></p>
</form>
login.php file:
<?php
// EXAMPLE CODE
$execute = "SELECT * from database WHERE password = '{$_POST['pass'])";
$result = mysql_query($execute);
?>
We can simply bypass this by using ' or '1=1', which will execute "password = ''or '1=1'';".
Alternatively, the user can also delete the database by executing "' drop table database; --".
PREVENTION:
Use mysql_real_escape_string in your php code.
Example:
<?php
$badword = "' OR 1 '";
$badword = mysql_real_escape_string($badword);
$message = "SELECT * from database WHERE password = "'$badword'";
echo "Blocked " . $message . ";
?>
--> UNION SQL Injection
UNION SQL injection is when the user uses the UNION command. The user checks for the vulnerability by
adding a tick to the end of a ".php?id=" file. If it comes back with a MySQL error, the site is most likely
vulnerable to UNION SQL injection. They proceed to use ORDER BY to find the columns, and at the end, they use
the UNION ALL SELECT command. An example is shown below.
http://www.site.com/website.php?id=1'
You have an error in your SQL syntax near '' at line 1 SELECT SUM(quantity)
as type FROM orders where (status='completed' OR status='confirmed' OR status='pending') AND user_id=1'
No error--> http://www.site.com/website.php?id=1 ORDER BY 1--
Two columns, and it comes back with an error! This means that there is one column.
http://www.site.com/website.php?id=1 ORDER BY 2--
Selects the all the columns and executes the version() command on the only column.
http://www.site.com/website.php?id=-1 UNION SELECT ALL version()--
SOLUTION:
Add something like below to prevent UNION SQL injection.
$evil = "(delete)|(update)|(union)|(insert)|(drop)|(http)|(--)|(/*)|(select)";
$patch = eregi_replace($evil, "", $patch);
>-------------------------------------------------------<
B: Cross Site Scripting
Cross site scripting is a type of vulnerability used by hackers to inject code into vulnerable web pages.
If a site is vulnerable to cross site scripting, most likely users will try to inject the site with malicious javascript or try to
scam users by creating a form where users have to type their information in.
Two types of XSS (cross site scripting) are persistent XSS and non-persistent XSS.
Example:
http://www.site.com/search.php?q=">
SOLUTION
(javascript) (Thank you, Microsoft!):
function RemoveBad(strTemp) {
strTemp = strTemp.replace(/\<|\>|\"|\'|\%|\;|\(|\)|\&|\+|\-/g,"");
return strTemp;
}
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
C: File Inclusion
Types: Remote File Inclusion/Local File Inclusion, and Remote Code Execution
Remote File Inclusion allows a hacker to include a remote file through a script (usually PHP). This code is mostly patched on websites, but some websites are still
vulnerable to the vulnerability. RFI usually leads to remote code execution or javascript execution.
Example of the vulnerable code:
<?php
include($_GET['page']);
?>
Exploiting it would be something like this:
http://www.site.com/page.php?page=../../../../../etc/passwd or
http://www.site.com/page.php?page=http://www.site.com/xyz.txt?
SOLUTION:
Validate the input.
$page = $_GET['page'];
$allowed = array('index.php', 'games.php' 'ip.php');
$iplogger = ('ip.php');
if (in_array $page, $pages)) {
include $page {
else
{
include $iplogger
die("IP logged.");
}
For remote code execution, the site would have to have a php executing command. You would patch this by about doing the same thing.
Please be aware of above explained methods to prevent your database to get hacked and enjoy the limitless possibilities of internet!
Today i will explain some commonly known web hack which are used by group of hackers on
number of website because some developers cant follow the basic security rules to secure his data over the internet. I am explaining some to inform you and aware you about commonly known website hacking methods!
A: SQL Injection
-->Types
- Login Form Bypassing
- UNION SQL Injection
B: Cross Site Scripting
--> Cross Site Request Forgery
C: File Inclusion
Types-> Remote File Inclusion and Remote Code Execution
On this post i am telling about five types of common web attacks, which are used in
--> Cross Site Request Forgery
C: File Inclusion
Types-> Remote File Inclusion and Remote Code Execution
On this post i am telling about five types of common web attacks, which are used in
most types of defacements or dumps of databases.
The five exploits listed above are SQL injection, XSS, RCE, RFI, and LFI. Most of the
The five exploits listed above are SQL injection, XSS, RCE, RFI, and LFI. Most of the
time, we missed out some website code tags..
coz of this we get website attacks and allows the hacker for attack on vulnerable website. ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
A: SQL Injection
--> LOGIN FORM BYPASSING
Here is an example of the vulnerable code that we can bypass very easily:
index.html file:
<form action="login.php" method="POST" />
<p>Password: <input type="text" name="pass" /><br />
<input type="submit" value="Authenticate" /></p>
</form>
login.php file:
<?php
// EXAMPLE CODE
$execute = "SELECT * from database WHERE password = '{$_POST['pass'])";
$result = mysql_query($execute);
?>
We can simply bypass this by using ' or '1=1', which will execute "password = ''or '1=1'';".
Alternatively, the user can also delete the database by executing "' drop table database; --".
PREVENTION:
Use mysql_real_escape_string in your php code.
Example:
<?php
$badword = "' OR 1 '";
$badword = mysql_real_escape_string($badword);
$message = "SELECT * from database WHERE password = "'$badword'";
echo "Blocked " . $message . ";
?>
--> UNION SQL Injection
UNION SQL injection is when the user uses the UNION command. The user checks for the vulnerability by
adding a tick to the end of a ".php?id=" file. If it comes back with a MySQL error, the site is most likely
vulnerable to UNION SQL injection. They proceed to use ORDER BY to find the columns, and at the end, they use
the UNION ALL SELECT command. An example is shown below.
http://www.site.com/website.php?id=1'
You have an error in your SQL syntax near '' at line 1 SELECT SUM(quantity)
as type FROM orders where (status='completed' OR status='confirmed' OR status='pending') AND user_id=1'
No error--> http://www.site.com/website.php?id=1 ORDER BY 1--
Two columns, and it comes back with an error! This means that there is one column.
http://www.site.com/website.php?id=1 ORDER BY 2--
Selects the all the columns and executes the version() command on the only column.
http://www.site.com/website.php?id=-1 UNION SELECT ALL version()--
SOLUTION:
Add something like below to prevent UNION SQL injection.
$evil = "(delete)|(update)|(union)|(insert)|(drop)|(http)|(--)|(/*)|(select)";
$patch = eregi_replace($evil, "", $patch);
>-------------------------------------------------------<
B: Cross Site Scripting
Cross site scripting is a type of vulnerability used by hackers to inject code into vulnerable web pages.
If a site is vulnerable to cross site scripting, most likely users will try to inject the site with malicious javascript or try to
scam users by creating a form where users have to type their information in.
Two types of XSS (cross site scripting) are persistent XSS and non-persistent XSS.
Example:
http://www.site.com/search.php?q=">
SOLUTION
(javascript) (Thank you, Microsoft!):
function RemoveBad(strTemp) {
strTemp = strTemp.replace(/\<|\>|\"|\'|\%|\;|\(|\)|\&|\+|\-/g,"");
return strTemp;
}
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
C: File Inclusion
Types: Remote File Inclusion/Local File Inclusion, and Remote Code Execution
Remote File Inclusion allows a hacker to include a remote file through a script (usually PHP). This code is mostly patched on websites, but some websites are still
vulnerable to the vulnerability. RFI usually leads to remote code execution or javascript execution.
Example of the vulnerable code:
<?php
include($_GET['page']);
?>
Exploiting it would be something like this:
http://www.site.com/page.php?page=../../../../../etc/passwd or
http://www.site.com/page.php?page=http://www.site.com/xyz.txt?
SOLUTION:
Validate the input.
$page = $_GET['page'];
$allowed = array('index.php', 'games.php' 'ip.php');
$iplogger = ('ip.php');
if (in_array $page, $pages)) {
include $page {
else
{
include $iplogger
die("IP logged.");
}
For remote code execution, the site would have to have a php executing command. You would patch this by about doing the same thing.
Please be aware of above explained methods to prevent your database to get hacked and enjoy the limitless possibilities of internet!
No comments:
Post a Comment
Do you have any opinion, please leave a comment or share this post in your social network Also feel free to contact us OR drop your problem below in comment section.!!