Saturday, June 1, 2013

Exploiting SQL Injection "Attack"

Hi Geeks,Lets start with the tutorial.Before starting I am dam sure that most of you didn’t understood the question.

Exploiting the SQL injection Attack

Meaning :- This shows that how we can exploit SQL injction “Attack”.I am not going to show you that how one can attack a website with “SQL Injection Attack.”But here I specified “Attack” word in the title.Which shows that we are attacking the SQL injection “Attack”means We are going to protect our website by being attacked from the hackers,who are attacking our site with SQL injection.So here I want to show you that how we can do secure coding.

For that we need some good coders with the bit knowledge of attack methods of vulnerability.Because now a days if any coder gets job,he started doing coding without watching security matter.
Basically we can eliminate the vulnerability by 2 methods.
1.Input Validation Coding :-
Here I am talking about the validation.Normal validation that coder makes on to the register page or any other page.This method is very simple,less time and brain consuming and also more effective.I don’t know I am right or wrong but as per my thinking this method prevents the SQL injection attack 55% to 65%.
Lets see with example.
If any site has a detail of customer.Then If i have made this information page of customer named “cust_info”. This is the normal page but if any particular customer logged in the I must have given any particular ID(Integer).
Suppose if I am CHINTAN the customer and my id is 26543 then my page will work like this.
This id 26543 shows particular my info.
So basically here is the GET request.Input number is going to input in this GET request.So we can give here security by adding one type checking IF condetition.Like this,

Function :- is_numeric

Exmple :-
 if(is_numeric($cust_info))
                        {
                                    Statment;
                        }
Else
Statement ;

Where statement is the => Give acceptance to it.Or This is valid and further processing is to be done.Redirection or response or anything esle.
For further information visit here,

Ok.Lets consider the other scenario.As i have given that my ID is 26543.So it will always be 5 characters for my id.Which will reamin same as it is for a long time until and if the site got changes.So we can also put another security by adding another PHP function.Like this,

Function :- preg_match

Exmple :-
If(preg_match(‘\d{4}’,$entry))
{
            Statement;
}
Else
Statement ;
Where statement will be like this.IF the values are true then we can take action by defining the statement.Like redirection.Connection lost in the case of value dont get true.Or Redirection to 404.php
For more detail about function go here,

2.Not Allowing Special Characters :-
The sensitive part of the website like search box and all that where mostly attacker gives this type of special character for attacking with SQL and XSS.
/
So if in coding we are blocking this type of character to input no 1 even will able to input such characters neither in that particular box nor from URL.So how will he check that its vulnerable or not?So we can be secured.
Another Handy trick that we can do is this.
Server’s coding should do in such a way that if any attacker puts this type of special characters to attack,then rather to redirect on 404.php(if result has not come),it should redirect on a page which displays a POPup with the message that “your original IP adress and the MAC adress has been fetched up.This was the trap.”So if any attacker even finds the vulnerability he wont even think to exploit it again after seeing this msg.
So,far as I am the PHP developer I know about this function so made tutorial to prevent SQL injection on PHP sites.I am assuming that there may be functions like this in .NET and JAVA.So, one must use it to secure site by coading.Why to pay extra money to security analyst if PHP is giving such a good inbult functions like these.

No comments: