How to defend yourself from SQL injection. All I know is that the attacker upload a PHP script from application form or any form from where you can upload a photo/video/ppt/etc . And then relocate the location of the PHP script by typing the name and location of the file in URL. The PHP script then run and may delete or stole your complete website . According to me the one solution is to put the uploading file in the folders like (62gHgU29hs) . So that the attacker cannot find the location but sometime our website itself start that PHP file so in that condition what can I do.?
Forum Thread: All About Sql Injection..
- Hot
- Active
-
Forum Thread:
How to Use Exploits Written in C Code
6
Replies
1 day ago -
Forum Thread:
How to Hack My College Website ?
20
Replies
3 days ago -
Forum Thread:
Problems with Internet Connection in Kali Linux After Changing to Static Ip Address
4
Replies
4 days ago -
Forum Thread:
SQL INJECTION
5
Replies
6 days ago -
Forum Thread:
Popcorntime Alternative?
4
Replies
6 days ago -
Forum Thread:
How Does Someone Attack Account by Just Having Their @Username ? The Application Is Kik!
7
Replies
6 days ago -
Forum Thread:
I Need Help in Hacking a Gmail Account.
25
Replies
6 days ago -
Forum Thread:
Whatsapp Hack?
19
Replies
1 wk ago -
Forum Thread:
HACKING GMAIL
3
Replies
1 wk ago -
Forum Thread:
I Need Your Response for a Homework Assignment.
7
Replies
1 wk ago -
Introduction:
Cffe
1
Replies
1 wk ago -
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
16
Replies
2 wks ago -
Forum Thread:
How to View Your Child's What's App And Many More!
3
Replies
3 wks ago -
Forum Thread:
Can some help me how to hack into a FB account to that was hacked. Trying to get a friends account back. Cheers.
6
Replies
3 wks ago -
Forum Thread:
Gaining Access into the Victim's Whatsapp on Android
13
Replies
3 wks ago -
Forum Thread:
Eml to PST Conversion
10
Replies
3 wks ago -
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
1 mo ago -
Forum Thread:
Complete Guide to Creating and Hosting a Phishing Page for Beginners
47
Replies
1 mo ago -
Forum Thread:
Parrot Security Os Problem......
15
Replies
1 mo ago -
Forum Thread:
How Make a Simple Payload with Kali Linux (Detectable)
1
Replies
1 mo ago
-
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
Hack Like a Pro:
How to Crack Online Web Form Passwords with THC-Hydra & Burp Suite
-
How To:
Hack Android Using Kali (Remotely)
-
How To:
Brute-Force Nearly Any Website Login with Hatch
-
How To:
Gain SSH Access to Servers by Brute-Forcing Credentials
-
How To:
Make Your Own Bad USB
-
Android for Hackers:
How to Turn an Android Phone into a Hacking Device Without Root
-
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
-
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
-
How To:
Create a Persistent Back Door in Android Using Kali Linux:
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
How To:
Exploit EternalBlue on Windows Server with Metasploit
-
How To:
Crack WPA/WPA2 with Wifite
-
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
-
How To:
Crack SSH Private Key Passwords with John the Ripper
-
Hacking Windows 10:
How to Dump NTLM Hashes & Crack Windows Passwords
-
Tutorial:
Create Wordlists with Crunch
-
How To:
Scan, Fake & Attack Wi-Fi Networks with the ESP8266-Based WiFi Deauther
-
How To:
Create Custom Wordlists for Password Cracking Using the Mentalist
-
How To:
Brute-Force FTP Credentials & Get Server Access
7 Responses
Wheres the SQL injection? Sounds like they were able to upload and execute php script. Could you explain a little more details?
Here I am clicking this and hoping for a nice article on SQL injection..
Hey guys its not the tutorial !! I want ur help to defence my website against SQL injection !!
That's why - I am wondering why u guys not giving me replay.
Sorry for that but its not a tutorial..
What you are describing is not a SQL injection. That's XSS (cross site scripting) as far as I know.
For some reason SQL deals with a query like a string and if you put some raw user input into this query you can break it.
i.e. SELECT * FROM tblUser WHERE name = '[userinput]';
So if i enter for [userinput] something like " ' OR '1'='1' -- ", i would ignore the original WHERE statement and make a true statement followed by a commend.
You can do nearly everything you want now, i.e. make own query's.
Sry don't know much about XSS myself
if you use PHP you can make your page safe by using the PDO object. Just google "PHP PDO"
Share Your Thoughts