SQL Injection: Best Practices and Projects

January 16, 2017 | Views: 9821

Hello everyone,

Most people think that they know SQL injection. Some people may think that SQL injection is limited to getting past the login form. But SQL injection covers a large area of research.

First, let’s take a look at what SQL injection is.

SQL injection is a technique that can fool the server. All we need to know is how the server-side programming communicates with the server.

Once we find this information, we know it is between 40-50%. When we open any website, it works in this way:

  • client->DNS->server, then the server response goes straight to the client.
  • response: server->client.

Then, after that, our communication starts in a new way.

  • client->server (DNS not required because we already have the IP)

Next, if the website has a database, we will want to log in. Then our communication will work in this way.

  • client->server->database

Response:

  • database->server->client.

Next, we need to understand which server we are sending the information to, so that it is passed on to the correct server. Then the server will provide us with the response.

As with the query ‘or 1=1’, there are many techniques for making the server accept what we pass as true information.
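The client->server->database flow and the ‘or 1=1’ condition described above, shown as an added example that is not part of the original post or of the Bricks project. It uses Python with an in-memory SQLite database instead of Bricks' PHP/MySQL so that it runs offline; the table, account and function names are assumptions made for illustration.

```python
import sqlite3

# Constructed input: closes the quoted password value, appends a condition
# that is always true, and comments out the query's trailing quote.
INJECTED = "' or 1=1 -- "


def make_db():
    """In-memory database with one constructed account (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-password')")
    return db


def build_concatenated_query(name, password):
    """The 'server' step done unsafely: user input becomes part of the SQL text."""
    return ("SELECT name FROM users WHERE name = '" + name
            + "' AND password = '" + password + "'")


def login_vulnerable(db, name, password):
    # The database cannot tell which part of the string came from the client,
    # so an injected 'or 1=1' is evaluated as part of the WHERE clause.
    row = db.execute(build_concatenated_query(name, password)).fetchone()
    return row is not None


def login_parameterized(db, name, password):
    # Placeholders send the values separately from the SQL text, so the
    # input is only ever compared as data and never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    print(build_concatenated_query("admin", INJECTED))
    print("concatenated, wrong password:", login_vulnerable(db, "admin", "wrong"))
    print("concatenated, injected input:", login_vulnerable(db, "admin", INJECTED))
    print("parameterized, injected input:", login_parameterized(db, "admin", INJECTED))
```

The printed query shows why the concatenated version accepts the input: the WHERE clause ends in `or 1=1`, which is true for every row, while the parameterized version looks for a password that literally equals the injected string and finds none.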

Now, some of you may say, “I want to learn SQL Injection, but I’m not able to find quality practice projects.” My recommendation is to download the Bricks project (http://sechow.com/bricks/download.html).

Caution –

Be careful when choosing a server to run it on. I suggest UwAmp, which provides automatic configuration. If you want to use XAMPP or WAMP instead, you have to configure the username and password of that project yourself.

http://www.uwamp.com/en/?page=download

I hope this information will help to make you an expert.

Thank you and best regards.

8 Comments
  1. Nyc broo👌🏻👌🏻

  2. Thank you Amiss for this piece of information. I expected to get more from your insight considering the title of the paper.
    Once again thank you.

  3. After reading this article I actually DL’ed the latest version of bricks, installed it on my latest MAMP and started playing with it. Turns out the PHP code in bricks is dated and I ran into some issues, particularly with mysql connect / query commands. I haven’t gotten to the challenges yet but want to post this note in case someone runs into the same setup issues… If you’re going to use the latest PHP, note that mysql_connect() and mysql_query() have been replaced with mysqli_connect() and mysqli_query() respectively. I also found that using the DB name as the 4th arg in mysqli_connect() works better than if you try to switch to the “bricks” instance after mysqli_connect()…
    HAPPY BRICKIN’ 🙂
