How to defend yourself from SQL injection. All I know is that the attacker upload a PHP script from application form or any form from where you can upload a photo/video/ppt/etc . And then relocate the location of the PHP script by typing the name and location of the file in URL. The PHP script then run and may delete or stole your complete website . According to me the one solution is to put the uploading file in the folders like (62gHgU29hs) . So that the attacker cannot find the location but sometime our website itself start that PHP file so in that condition what can I do.?
Forum Thread: All About Sql Injection..
- Hot
- Active
-
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
160
Replies
44 min ago -
Kali Linux Persistence Error:
No Solution on Internet
3
Replies
6 hrs ago -
Forum Thread:
Create and Use Android/Meterpreter/reverse_tcp APK with Msfvenom?
109
Replies
13 hrs ago -
Forum Thread:
Best Mac Antivirus?
1
Replies
18 hrs ago -
Forum Thread:
Hack Instagram Account Using BruteForce
188
Replies
1 day ago -
Forum Thread:
6.SSL Stripping||Encryption Course||SSL Stripping Attack
0
Replies
2 days ago -
Forum Thread:
How to Protect Your Data from Others [#4 Tutorial ] Join Us Now Cyber Security Course
2
Replies
2 days ago -
Forum Thread:
5.Secure Sockets Layer SSL and Transport Layer Security TLS||Beginners Guide to Encryption
0
Replies
4 days ago -
Forum Thread:
HiddenEye problem here
2
Replies
4 days ago -
Forum Thread:
Kali Linux Boot Error
7
Replies
6 days ago -
Forum Thread:
4.What Are Digital Signatures in Encryption||Beginners Guide for Encryption
0
Replies
6 days ago -
Forum Thread:
Proxychains Not Working or Loading??
2
Replies
1 wk ago -
Forum Thread:
how should I start from scratch. I'm a stupid kid
0
Replies
1 wk ago -
Forum Thread:
Does Arp Spoofing Needs Monitor Mode?
0
Replies
1 wk ago -
Forum Thread:
2.Asymmetric Encryption||Encryption Guide For Beginners
0
Replies
1 wk ago -
Forum Thread:
Removing Pay-as-You-Go Meter on Loan Phones.
0
Replies
1 wk ago -
Forum Thread:
AMD RX 580 Driver for Kali LINUX
3
Replies
1 wk ago -
Forum Thread:
How to Hack CCTV Private Cameras
65
Replies
1 wk ago -
Forum Thread:
Hacking Facebook,Twitter,Instagram Account Passwords with BruteForce
153
Replies
2 wks ago -
Forum Thread:
How to Get Social Media Accounts and Real Name from the Footprints Left Behind by a Phone Number
7
Replies
2 wks ago
-
How To:
Conduct Wireless Recon on Bluetooth, Wi-Fi & GPS with Sparrow-wifi
-
How To:
Master Linux with This Extensive 12-Course Bundle
-
How To:
Bypass PowerShell Execution Policy to Pwn Windows
-
How To:
Top 10 Things to Do After Installing Kali Linux
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
How To:
Master Python with This Top-Rated Bundle for Just $30
-
How To:
Run Kali Linux as a Windows Subsystem
-
How To:
The Top 80+ Websites Available in the Tor Network
-
How To:
Crack Any Master Combination Lock in 8 Tries or Less Using This Calculator
-
How To:
Gain SSH Access to Servers by Brute-Forcing Credentials
-
How To:
Hunt Down Social Media Accounts by Usernames with Sherlock
-
How To:
Brute-Force Nearly Any Website Login with Hatch
-
How To:
Crack Shadow Hashes After Getting Root on a Linux System
-
How To:
Hack WPA & WPA2 Wi-Fi Passwords with a Pixie-Dust Attack Using Airgeddon
-
How To:
Upload a Shell to a Web Server and Get Root (RFI): Part 1
-
How To:
The Hacks Behind Cracking, Part 1: How to Bypass Software Registration
-
Hack Like a Pro:
How to Get Facebook Credentials Without Hacking Facebook
-
How To:
Hack WPA WiFi Passwords by Cracking the WPS PIN
-
How To:
Hack 5 GHz Wi-Fi Networks with an Alfa Wi-Fi Adapter
7 Responses
Wheres the SQL injection? Sounds like they were able to upload and execute php script. Could you explain a little more details?
Here I am clicking this and hoping for a nice article on SQL injection..
Hey guys its not the tutorial !! I want ur help to defence my website against SQL injection !!
That's why - I am wondering why u guys not giving me replay.
Sorry for that but its not a tutorial..
What you are describing is not a SQL injection. That's XSS (cross site scripting) as far as I know.
For some reason SQL deals with a query like a string and if you put some raw user input into this query you can break it.
i.e. SELECT * FROM tblUser WHERE name = '[userinput]';
So if i enter for [userinput] something like " ' OR '1'='1' -- ", i would ignore the original WHERE statement and make a true statement followed by a commend.
You can do nearly everything you want now, i.e. make own query's.
Sry don't know much about XSS myself
if you use PHP you can make your page safe by using the PDO object. Just google "PHP PDO"
Share Your Thoughts