By | December 24, 2019
SQL Injection

In this article you will find answers to all your questions, such as: What is SQL injection, SQL injection attack, SQL injection example.

SQL INJECTION

This is a type of vulnerability found in websites. It is a very common vulnerability and was found in a great many websites some time ago. Today, websites vulnerable to SQL injection are seen far less often.

Because, as we said, it is a common vulnerability, most websites no longer have it. But if you want to become an ethical hacker, you need to know about it, because when hacking a website a hacker checks for this vulnerability first.



Note: This post is for educational purposes only. Don't misuse your knowledge.

You have surely heard of the SQL programming language. This attack works on the basis of that same SQL language. The SQL injection vulnerability is used to extract information from a database.

SQL is a server-side language used to connect a website to its database. Hackers use it to hack websites.

To carry out this attack, a hacker needs some knowledge of databases, such as where usernames and passwords are stored in the database and which file is saved where in the database.

How to find Vulnerable Website?

To carry out an SQL injection attack, a hacker first has to find websites that have this vulnerability. This can be done with certain Google dork keywords. Keywords were covered in the SEO post.

Large websites such as Facebook, Google and Amazon are not vulnerable to SQL injection. A few dorks are shown here; a download link for the full list of dorks is given as well.

inurl:index.php?id=

inurl:article.php?id=

inurl:event.php?id=

inurl:buy.php?category=

Example

http://www.example.com/index.php?id=1'

Download Dorks

If a website is vulnerable to SQL injection, a MySQL error is shown on the screen. If the vulnerability is not present, a Page Not Found error is shown instead.

How to Find Columns SQL INJECTION?

Now suppose you have found a website vulnerable to SQL injection. The next step is to find out about the website's columns. Column information is extracted through certain parameters, such as:

http://www.example.com/index.php?id=-1 order by 2

http://www.example.com/index.php?id=-1 order by 3

http://www.example.com/index.php?id=-1 order by 4

Now suppose an Unknown column error appears after 4. That means the website has 4 columns. After this, to carry out the attack, the hacker has to find the vulnerable columns, like this:

http://www.example.com/index.php?id=-1 union select 1,2,3,4

After this, if some numbers are shown to the hacker, for example 2 or 3, he understands that columns 2 or 3 are vulnerable. The vulnerable columns are then exploited.

How to Find Database SQL INJECTION?

http://www.example.com/index.php?id=-1 union select 1,version(),3,4,5

How to find Database password SQL INJECTION?

http://www.example.com/index.php?id=-1 union select 1,password(),3,4,5

How to find Database username?

http://www.example.com/index.php?id=-1 union select 1,user(),3,4,5
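From the defender's side, requests shaped like the ones in the sections above leave a recognizable trace in web server access logs. The following is an added example, not part of the original post, that flags them in constructed log lines; the rule names, the log layout (common log format) and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Dec/2019:10:00:01 +0000] "GET /index.php?id=1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [24/Dec/2019:10:00:05 +0000] "GET /index.php?id=1%27 HTTP/1.1" 500 312',
    '203.0.113.7 - - [24/Dec/2019:10:00:09 +0000] "GET /index.php?id=-1%20order%20by%204 HTTP/1.1" 200 980',
    '203.0.113.7 - - [24/Dec/2019:10:00:14 +0000] "GET /index.php?id=-1+union+select+1,version(),3,4,5 HTTP/1.1" 200 990',
    '198.51.100.9 - - [24/Dec/2019:10:01:00 +0000] "GET /article.php?id=42 HTTP/1.1" 200 4800',
]

# Client address, request target and status code of one log line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# One rule per request shape shown in this post.
RULES = [
    ("quote_in_numeric_param", re.compile(r"^-?\d+\s*['\"]")),
    ("order_by_probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("db_function", re.compile(r"\b(version|user|password)\s*\(", re.I)),
]

def scan_line(line):
    """Return (client_ip, target, matched_rules) or None if nothing matched."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, target, _status = m.groups()
    hits = set()
    # parse_qsl undoes %20 / + encoding, so rules see the decoded value.
    for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        for rule, pattern in RULES:
            if pattern.search(value):
                hits.add(rule)
    return (ip, target, sorted(hits)) if hits else None

def scan(lines):
    return [hit for hit in map(scan_line, lines) if hit]

if __name__ == "__main__":
    for ip, target, hits in scan(SAMPLE_LOG):
        print(ip, target, hits)
```

Treat a hit as a triage signal rather than proof: a legitimate free-text parameter can contain words such as `order by`, so correlate hits with 500 responses and repeated requests from the same client.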

On a website vulnerable to SQL injection, hackers log in by entering certain strings in the login fields. Before looking at these strings, let's understand how they bypass the username and password on a vulnerable website.

Suppose you have a website and it is vulnerable to SQL injection, but you don't know about the vulnerability. You log in to your website by entering your username and password as usual.

The username and password you supply are then matched, through a query, against the user accounts in the database. After that you get access to your website. You get access to the website's database only when the username and password values evaluate to true.

Now, the hacker doesn't know your website's username and password. He can still get access to your website by using certain strings, for example ("or 1=1-). If a hacker enters a string like this in the username or password field, he gets logged in. This happens because the value entered in inverted commas is a null value, and a null value is always true in the database. As a result the hacker gets login access to your website.

The strings used to bypass the username and password look like this:

'or 1=1- , "or 1=1- , or 1=1- , 'or 'a'='a , "or "a"="a , ') or ('a'='a , ") or ("a"="a

Download Sql strings
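Both the `id=` requests in the column-finding section and the login strings above work for the same reason: user input is concatenated into the SQL text, so part of the input is parsed as SQL. The following is an added example, not code from the original post, showing the vulnerable form of each query beside the parameterized fix. It assumes Python's sqlite3 with a constructed in-memory database in place of the MySQL-backed site the post describes, and all table and function names are hypothetical.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data standing in for the site's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER, title TEXT, body TEXT, author TEXT)")
    db.execute("INSERT INTO articles VALUES (1, 'Hello', 'First post', 'admin')")
    # A real site would store a password hash, not the password itself.
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def article_vulnerable(db, raw_id):
    # Input is pasted into the SQL text, so it can change the query itself.
    sql = "SELECT id, title, body, author FROM articles WHERE id = " + raw_id
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "SQL error: " + str(exc)  # what an error page would leak

def article_safe(db, raw_id):
    # Accept only a plain integer, then bind it as a parameter.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    sql = "SELECT id, title, body, author FROM articles WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

def login_sql(username, password):
    # The statement the database receives when input is concatenated.
    return ("SELECT username FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")

def login_vulnerable(db, username, password):
    return db.execute(login_sql(username, password)).fetchone() is not None

def login_safe(db, username, password):
    # Bound values are compared as data and are never parsed as SQL.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    for raw in ["1", "1'", "-1 order by 5", "-1 union select 1,2,3,4"]:
        print(repr(raw), article_vulnerable(db, raw), article_safe(db, raw))
    trick = "' or 'a'='a"  # one of the strings listed in the post
    print(login_sql("x", trick))
    print(login_vulnerable(db, "x", trick), login_safe(db, "x", trick))
```

With bound parameters the quote, `order by` and `union select` inputs return no rows, and the login string is compared as a literal password, so the login fails. Replacing the database error text with a generic error page removes the signal the post relies on, but only parameter binding removes the flaw.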

The Conclusion

I hope you now have a good understanding of SQL injection and of how hackers take advantage of the SQL injection vulnerability.

This attack can be carried out with the help of many kinds of Google dorks, parameters and strings. These dorks and parameters were shown to help you understand what an SQL injection attack is and how it works.

If you have any questions, you can ask in the comment box or contact us. If you like this blog, do subscribe, and don't forget to share our posts.

Thank you
