How to defend yourself from SQL injection. All I know is that the attacker upload a PHP script from application form or any form from where you can upload a photo/video/ppt/etc . And then relocate the location of the PHP script by typing the name and location of the file in URL. The PHP script then run and may delete or stole your complete website . According to me the one solution is to put the uploading file in the folders like (62gHgU29hs) . So that the attacker cannot find the location but sometime our website itself start that PHP file so in that condition what can I do.?
Forum Thread: All About Sql Injection..
- Hot
- Active
-
Forum Thread:
Arpspoof - No Connectivity on Physical Machine
2
Replies
9 hrs ago -
Forum Thread:
How to Build Cheapest Password Cracker on Multiple GPUs?
0
Replies
16 hrs ago -
Forum Thread:
Active White-Hat Forums?
14
Replies
17 hrs ago -
Forum Thread:
Apis for Trojans [ a gift from me ]
0
Replies
1 day ago -
Forum Thread:
Creating a Ransomware for Android from 0! By [ Mohamed Ahmed ]
0
Replies
1 day ago -
Forum Thread:
Hack Cheating Wife's Windows 7 Admin Password
12
Replies
1 day ago -
Forum Thread:
BlueBorne - Kali Linux Script?
9
Replies
1 day ago -
Forum Thread:
How to Install This Custom Metasploit?
0
Replies
1 day ago -
Forum Thread:
Building a TAP ( Passive Sniffer ) By: [ Mohamed Ahmed ]
0
Replies
1 day ago -
Forum Thread:
Pentesting with Shodan & Functional Exploits By [Mohamed Ahmed ]
0
Replies
1 day ago -
Forum Thread:
Hello,need help with PDF . how remove hack password ?
2
Replies
1 day ago -
Kali Linux:
TP-Link TL WN722N V2 Driver Not Working
11
Replies
1 day ago -
Forum Thread:
How to Hack Wireless Password Through MAC Address and IP Address
19
Replies
1 day ago -
Forum Thread:
How to Track an Android Phone
0
Replies
1 day ago -
Forum Thread:
How to Spy on Android Phones?
5
Replies
1 day ago -
Forum Thread:
How Would I Decrypt This?
1
Replies
2 days ago -
Forum Thread:
Hack Telegram Bot
1
Replies
2 days ago -
Forum Thread:
Problems with TL-WN722N V2 (Monitor Mode)
17
Replies
2 days ago -
Forum Thread:
Decrypting SSL or TLS Session Traffic with Wireshark
1
Replies
2 days ago -
Forum Thread:
What Is the Best Free Vpn Services?
21
Replies
2 days ago
-
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
-
How To:
Exploring Kali Linux Alternatives: How to Get Started with BlackArch, a More Up-to-Date Pentesting Distro
-
How To:
Crack Any Master Combination Lock in 8 Tries or Less Using This Calculator
-
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
-
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
-
How To:
Set Up a Headless Raspberry Pi Hacking Platform Running Kali Linux
-
Hack Like a Pro:
How to Secretly Hack Into, Switch On, & Watch Anyone's Webcam Remotely
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2017
-
How to Hack Wi-Fi:
Capturing WPA Passwords by Targeting Users with a Fluxion Attack
-
How To:
Hack Forum Accounts with Password-Stealing Pictures
-
Hack Like a Pro:
How to Spy on Anyone, Part 1 (Hacking Computers)
-
How To:
Use a Virtual Burner Phone to Protect Your Identity & Security
-
Advice from a Real Hacker:
How to Know if You've Been Hacked
-
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
-
How To:
Hack Windows 7 (Become Admin)
-
How To:
Successfully Hack a Website in 2016!
-
Hack Like a Pro:
How to Crack Passwords, Part 1 (Principles & Technologies)
-
Hack Like a Pro:
Getting Started with Kali, Your New Hacking System
-
How To:
The Essential Skills to Becoming a Master Hacker
-
Hack Like a Pro:
How to Crack Online Web Form Passwords with THC-Hydra & Burp Suite
7 Responses
Wheres the SQL injection? Sounds like they were able to upload and execute php script. Could you explain a little more details?
Here I am clicking this and hoping for a nice article on SQL injection..
Hey guys its not the tutorial !! I want ur help to defence my website against SQL injection !!
That's why - I am wondering why u guys not giving me replay.
Sorry for that but its not a tutorial..
What you are describing is not a SQL injection. That's XSS (cross site scripting) as far as I know.
For some reason SQL deals with a query like a string and if you put some raw user input into this query you can break it.
i.e. SELECT * FROM tblUser WHERE name = '[userinput]';
So if i enter for [userinput] something like " ' OR '1'='1' -- ", i would ignore the original WHERE statement and make a true statement followed by a commend.
You can do nearly everything you want now, i.e. make own query's.
Sry don't know much about XSS myself
if you use PHP you can make your page safe by using the PDO object. Just google "PHP PDO"
Share Your Thoughts