How to defend yourself from SQL injection. All I know is that the attacker upload a PHP script from application form or any form from where you can upload a photo/video/ppt/etc . And then relocate the location of the PHP script by typing the name and location of the file in URL. The PHP script then run and may delete or stole your complete website . According to me the one solution is to put the uploading file in the folders like (62gHgU29hs) . So that the attacker cannot find the location but sometime our website itself start that PHP file so in that condition what can I do.?
Forum Thread: All About Sql Injection..
- Hot
- Active
-
Forum Thread:
How to Hack a Website to Edit It
21
Replies
2 days ago -
Forum Thread:
Eml to PST Conversion
9
Replies
3 days ago -
Forum Thread:
PST File - Outlook Inbox Repair Tool Can't Repair
4
Replies
4 days ago -
Metasploit Error:
Handler Failed to Bind
39
Replies
1 wk ago -
Forum Thread:
How to Mr Robot's Password Cracker?
10
Replies
1 wk ago -
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
15
Replies
1 wk ago -
Forum Thread:
12 Ways How to Hack Any Social Network and Protect Yourself 2018
2
Replies
1 wk ago -
Forum Thread:
Hack Instagram Account Using BruteForce
198
Replies
2 wks ago -
Forum Thread:
Popcorntime Alternative?
3
Replies
2 wks ago -
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
51
Replies
2 wks ago -
Forum Thread:
How to Make a Hacking Tool and What Programming Languages Are Used to Make One?
15
Replies
2 wks ago -
Forum Thread:
Does GSA Email Spider Gives Inaccessible or Hidden Email Addresses and Phone Numbers of Web Sites?
4
Replies
2 wks ago -
Forum Thread:
Whatsapp Hack?
18
Replies
2 wks ago -
Forum Thread:
Remotely Hacking Phones
3
Replies
4 wks ago -
Forum Thread:
Create and Use Android/Meterpreter/reverse_tcp APK with Msfvenom?
119
Replies
4 wks ago -
Forum Thread:
Create a FUD C++ Backdoor with Madwin
2
Replies
1 mo ago -
Forum Thread:
How to Find Someones Location by Image
4
Replies
1 mo ago -
Forum Thread:
How to Hack CCTV Private Cameras
68
Replies
1 mo ago -
Forum Thread:
Hacking into Whatsapp Series, Part 2: Phishing.
6
Replies
1 mo ago -
Forum Thread:
How to Convert .Bat (Payload) To .Exe in Linux?
10
Replies
1 mo ago
-
How To:
Top 10 Things to Do After Installing Kali Linux
-
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
-
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
-
How To:
Hack Android Using Kali (Remotely)
-
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
Hacking Windows 10:
How to Dump NTLM Hashes & Crack Windows Passwords
-
How To:
Exploit EternalBlue on Windows Server with Metasploit
-
How To:
Create a Persistent Back Door in Android Using Kali Linux:
-
How To:
Make Your Own Bad USB
-
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
-
How To:
Scan Websites for Interesting Directories & Files with Gobuster
-
How To:
Embed a Metasploit Payload in an Original .Apk File | Part 2 – Do It Manually
-
How To:
Easily Detect CVEs with Nmap Scripts
-
How To:
Get Root with Metasploit's Local Exploit Suggester
-
How To:
Stealthfully Sniff Wi-Fi Activity Without Connecting to a Target Router
-
How To:
Brute-Force Nearly Any Website Login with Hatch
-
How To:
Crack Shadow Hashes After Getting Root on a Linux System
-
How To:
Phish for Social Media & Other Account Passwords with BlackEye
7 Responses
Wheres the SQL injection? Sounds like they were able to upload and execute php script. Could you explain a little more details?
Here I am clicking this and hoping for a nice article on SQL injection..
Hey guys its not the tutorial !! I want ur help to defence my website against SQL injection !!
That's why - I am wondering why u guys not giving me replay.
Sorry for that but its not a tutorial..
What you are describing is not a SQL injection. That's XSS (cross site scripting) as far as I know.
For some reason SQL deals with a query like a string and if you put some raw user input into this query you can break it.
i.e. SELECT * FROM tblUser WHERE name = '[userinput]';
So if i enter for [userinput] something like " ' OR '1'='1' -- ", i would ignore the original WHERE statement and make a true statement followed by a commend.
You can do nearly everything you want now, i.e. make own query's.
Sry don't know much about XSS myself
if you use PHP you can make your page safe by using the PDO object. Just google "PHP PDO"
Share Your Thoughts