SQL Injection Explained
SQL is a database language which is designed for storing, retrieving and manipulating data stored in a database.
SQL Injection
If a SQL database is directly connected to the website, it can be manipulated to steal and modify the database. This happens after a user is able to inject a code in SQL server doing whatever he wants to do with the database. In a way, he gets the full control of it.
1)To understand SQL injection, we must understand SQL queries.
2) Say while logging a user 'Rohan' with password 'pass123', a sql query is sent as
SELECT from users WHERE user='Rohan' and password='pass123';
3)What if the query was SELECT from users WHERE user='Rohan' or '1'='1';
4)The first user would be logged in.
5) We can do the same here, for example.
6) On entering ' OR '1'='1' # ,we get logged in as Jake, since he is the first user in the database.
7) Queries can further be manipulated to steal the database.
8) Example on entering ' OR '1'='1' union select 1,2,3,4,5# would give the 1-5th row if it exists in the database
Always remember to use Kali for helpful purposes and not use it to cause harm.
Stay Safe.
Stay Safe.
Follow us on Facebook:- Facebook.com/VAPTHacker
LinkedIn:- https://www.linkedin.com/in/rohankalra97/
Twitter:- https://twitter.com/rohankalra97
Comments
Post a Comment