
Sunday 4 August 2013

SQL injection

In this case, the developer fails to filter the input for escape characters and passes it directly into the SQL statement. This is what creates the vulnerability.

Consider this code:
statement = "SELECT * FROM `users` WHERE `name` = '" + userName + "';"

This code looks up the username in the database. An attacker can supply malicious input to inject his own query. For example:

' or 1=1
He can enter the above text instead of the username, so the SQL statement becomes:
SELECT * FROM `users` WHERE `name` = '' OR 1=1;

He can use a comment to cut off the rest of the query. For example:
' or 1=1 --
So the query becomes:
SELECT * FROM `users` WHERE `name` = '' OR 1=1 -- ;

Here `name` = '' is false, but 1=1 is true. Since the two conditions are joined with OR, it is enough for one of them to be true, so this query bypasses the login.
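As an added example that is not part of the original post, the following Python script puts the post's concatenated query beside a parameterized one and runs the `' or 1=1 --` input through both. It assumes nothing beyond the standard library: the `users` table, the two sample accounts and the `make_db`, `lookup_vulnerable` and `lookup_safe` helpers are all constructed here for the demonstration.

```python
import sqlite3

# Constructed sample accounts; not taken from any real system.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Create an in-memory SQLite database with a small `users` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, user_name):
    """Mirrors the post's snippet: the input is glued into the SQL text,
    so a quote in the input ends the string literal and the rest of the
    input becomes part of the query itself."""
    statement = "SELECT * FROM users WHERE name = '" + user_name + "';"
    return conn.execute(statement).fetchall()


def lookup_safe(conn, user_name):
    """The fix: a bound parameter. The driver passes the input as a value,
    so quotes and `--` inside it can never change the query's structure."""
    statement = "SELECT * FROM users WHERE name = ?"
    return conn.execute(statement, (user_name,)).fetchall()


def compare(user_name):
    """Return how many rows each version returns for the same input."""
    conn = make_db()
    try:
        return {
            "vulnerable": len(lookup_vulnerable(conn, user_name)),
            "safe": len(lookup_safe(conn, user_name)),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # The payload from the post: the comment swallows the closing `';`.
    print("normal login  :", compare("alice"))
    print("injected input:", compare("' or 1=1 --"))
```

With a normal username both versions return the single matching row. With the post's payload the concatenated version returns every row in the table, while the parameterized version returns none, because it is looking for a user whose name is literally `' or 1=1 --`.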
-------------------------------------------------------------------------------------------

Sunday 16 June 2013

AAVIK KUMAR'S COMPUTER WORLD

HELLO EVERYBODY
I am planning to write my first e-book, "COMPUTER WORLD", all about computers. It is an all-in-one book.
So here is a first look at my book.

cover page of computer world
