Thursday, July 30, 2009

SQL Injection

Definition


SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.


There are several forms of this vulnerability:


1. Incorrectly filtered escape characters
  • occurs when user input is not filtered for escape characters and is then passed into an SQL statement. This lets the end user of the application manipulate the statements that are run against the database.

2. Incorrect type handling
  • occurs when a user-supplied field is not strongly typed or is not checked for type constraints. This could take place when a numeric field is to be used in a SQL statement, but the programmer makes no check to validate that the user-supplied input is numeric.

3. Vulnerabilities inside the database server
  • sometimes the flaw lies in the database server software itself, as was the case with MySQL server's mysql_real_escape_string() function. This would allow an attacker to perform a successful SQL injection attack based on bad Unicode characters even when the user's input is being escaped.

4. Blind SQL injection
  • used when a web application is vulnerable to SQL injection but the results of the injection are not visible to the attacker. The page with the vulnerability may not be one that displays data, but it will display differently depending on the result of a logical statement injected into the legitimate SQL statement called for that page. This type of attack can become time-intensive because a new statement must be crafted for each bit recovered.


Magic code / words for SQL Injection.




hi' or 1=1--

' or 'a'='a

' or 1=1--

" or 1=1--



or 1=1--

' or 'a'='a

" or "a"="a

') or ('a'='a


Protection from SQL Injection


Assume the parameters are either strings or integers, while all form input arrives as text.

1. If magic quotes are on, run stripslashes() first.

2. If it is an integer, convert it to integer type.

3. If it is a string, replace AND and OR.

4. Remove special characters that are not needed, such as = and ; (any others?)

5. Use the escape function for MySQL (mysql_real_escape_string()).

6. Quote variables in the query string.

7. Use double quotes.

8. Avoid dynamic SQL.

9. Validate all input.

10. Apply the principle of least privilege.


For more details, click link below :-

· Wikipedia

· SecuriTeam

· Microsoft

· Digitalpoint forum

Phishing ( cont )


Phishing + Social Engineering


    1. Open site
    2. Save as
    3. Modify login form
    4. Modify action parameter
    5. Create fake action ( store password )
    6. Done

Phishing

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT Administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the website is fake. Phishing is an example of social engineering techniques used to fool users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

Phishing Technique
  • Social engineering
  • Link manipulation
  • Filter evasion
  • Website forgery
  • Phone phishing

For more details, click here

PC Security

Computer security is a branch of technology known as information security as applied to computers and networks. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users.


Computer security

  • Secure operating systems
  • Security architecture
  • Security by design
  • Secure coding

Computer insecurity

  • Vulnerability
  • Social engineering
  • Eavesdropping
  • Exploit
  • Trojan
  • Viruses and worms
  • Denial of service
  • Payload
  • Backdoor
  • Rootkit
  • Keylogger


Read more at Wikipedia


E-book for PC Security & Maintenance. download

Mount USB into Linux

Steps to mount a USB drive
  • mkdir /usb
  • chmod 777 /usb
  • mount -t vfat /dev/sdb1 /usb

Then check whether the drive is ready to use:
  • cd /usb
  • ls

Unmount the drive
  • umount /usb
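The three commands above work, but `chmod 777 /usb` makes the mount point world-writable and a plain `mount -t vfat` honours setuid bits and device nodes that happen to be on the stick. As an added example (not from the original post), the script below wraps the same steps with restrictive mount options and a check that the argument really is a block device. The device name `/dev/sdb1`, the mount point `/usb` and the uid/gid `1000` are assumptions to adjust for your own machine.

```shell
#!/bin/sh
# Added example, not from the original post: mount a USB stick with
# restrictive options instead of a world-writable (chmod 777) mount point.
# Assumes a vfat stick on /dev/sdb1 and a desktop user with uid/gid 1000;
# both are placeholders to adjust.

MOUNT_POINT="${MOUNT_POINT:-/usb}"

# Mount options for an untrusted removable filesystem:
#   nosuid  - ignore setuid/setgid bits on files from the stick
#   nodev   - do not interpret device nodes found on the stick
#   noexec  - do not run binaries directly from the stick
#   uid/gid - give every file to one user (vfat stores no owners)
#   umask   - files 0644 / directories 0755 instead of world-writable
usb_mount_opts() {
    uid="${1:-1000}"
    gid="${2:-$uid}"
    printf 'nosuid,nodev,noexec,uid=%s,gid=%s,umask=022\n' "$uid" "$gid"
}

# Accept only an existing block device under /dev (e.g. /dev/sdb1),
# so a typo or a regular file is never handed to mount.
usb_device_ok() {
    case "$1" in
        /dev/*) [ -b "$1" ] ;;
        *) return 1 ;;
    esac
}

# Create the mount point with the default 0755 mode (no chmod 777) and
# mount the stick read-write for uid 1000 only.
mount_usb() {
    dev="$1"
    usb_device_ok "$dev" || { echo "refusing: $dev is not a block device" >&2; return 1; }
    mkdir -p "$MOUNT_POINT"
    mount -t vfat -o "$(usb_mount_opts 1000)" "$dev" "$MOUNT_POINT"
}

# Same as the final step in the post.
unmount_usb() {
    umount "$MOUNT_POINT"
}
```

Source the file as root and call `mount_usb /dev/sdb1`, then `ls /usb` as the ordinary user; `unmount_usb` reverses it. Mounting must still be done as root, but the files on the stick end up owned by the desktop user rather than being writable by everyone on the machine.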