How to defend yourself from SQL injection. All I know is that the attacker upload a PHP script from application form or any form from where you can upload a photo/video/ppt/etc . And then relocate the location of the PHP script by typing the name and location of the file in URL. The PHP script then run and may delete or stole your complete website . According to me the one solution is to put the uploading file in the folders like (62gHgU29hs) . So that the attacker cannot find the location but sometime our website itself start that PHP file so in that condition what can I do.?
Forum Thread: All About Sql Injection..
- Hot
- Active
-
Forum Thread:
Natures Choice Keto [UPDATE 2019] Scam or Leght?
0
Replies
46 min ago -
Forum Thread:
Hack Instagram Account Using BruteForce
186
Replies
8 hrs ago -
How to:
Crack Instagram Passwords Using Instainsane
17
Replies
16 hrs ago -
Forum Thread:
Why Can't Gethering Information About Gov. Website Using Kali Linux. Any Can Explain Me
0
Replies
1 day ago -
Forum Thread:
Max Test XR
0
Replies
1 day ago -
Forum Thread:
Airdump-Ng Can't Find Any Network in Monitor Mode
5
Replies
1 day ago -
Forum Thread:
Max Test XR Surrounding Is a Accomplished
0
Replies
2 days ago -
Forum Thread:
Why, Where and How to Start Programming and Approach to Hacking.
12
Replies
2 days ago -
Help:
How Can I Copy Files Over to Metasploitable from Kali Linux
0
Replies
2 days ago -
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
132
Replies
2 days ago -
Forum Thread:
Metasploit Android Meterpreter Session Freezes After Opening the App on the Android Device
3
Replies
3 days ago -
Forum Thread:
KALi Linux WIFI PROBLEM!
3
Replies
3 days ago -
Forum Thread:
Create a FUD C++ Backdoor with Madwin
1
Replies
3 days ago -
Forum Thread:
How to hack wpa2 security wifi with ip address and with root and without userlord
0
Replies
4 days ago -
Forum Thread:
HACKING LINUX SYSTEMS by LINUX USING FEBREV-LINUXPLOIT FRAMEWORK. Hack the Hacker....
0
Replies
4 days ago -
Forum Thread:
The Only Authentic Way to Hack Instagram!
38
Replies
5 days ago -
Forum Thread:
How to Hack Wifi Network with CMD
78
Replies
5 days ago -
Forum Thread:
How to Create a Python Remote Keylogger for Facebook
25
Replies
1 wk ago -
Forum Thread:
How to Fix Error Handler Failed to Bind
1
Replies
1 wk ago -
Metasploit Error:
Handler Failed to Bind
34
Replies
1 wk ago
-
How To:
Phish for Social Media & Other Account Passwords with Blackeye
-
How To:
Phish Social Media Sites with SocialFish
-
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
How To:
Top 10 Things to Do After Installing Kali Linux
-
How To:
Find Vulnerable Webcams Across the Globe Using Shodan
-
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
-
How To:
Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
-
Android for Hackers:
How to Turn an Android Phone into a Hacking Device Without Root
-
How To:
Beat LFI Restrictions with Advanced Techniques
-
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
-
How To:
The Hacks Behind Cracking, Part 1: How to Bypass Software Registration
-
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
-
Hack Like a Pro:
How to Get Facebook Credentials Without Hacking Facebook
-
How To:
Crack Any Master Combination Lock in 8 Tries or Less Using This Calculator
-
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
-
Hack Like a Pro:
How to Hack Facebook (Facebook Password Extractor)
-
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
-
How To:
Upgrade a Dumb Shell to a Fully Interactive Shell for More Flexibility
7 Responses
Wheres the SQL injection? Sounds like they were able to upload and execute php script. Could you explain a little more details?
Here I am clicking this and hoping for a nice article on SQL injection..
Hey guys its not the tutorial !! I want ur help to defence my website against SQL injection !!
That's why - I am wondering why u guys not giving me replay.
Sorry for that but its not a tutorial..
What you are describing is not a SQL injection. That's XSS (cross site scripting) as far as I know.
For some reason SQL deals with a query like a string and if you put some raw user input into this query you can break it.
i.e. SELECT * FROM tblUser WHERE name = '[userinput]';
So if i enter for [userinput] something like " ' OR '1'='1' -- ", i would ignore the original WHERE statement and make a true statement followed by a commend.
You can do nearly everything you want now, i.e. make own query's.
Sry don't know much about XSS myself
if you use PHP you can make your page safe by using the PDO object. Just google "PHP PDO"
Share Your Thoughts