How to defend yourself from SQL injection. All I know is that the attacker upload a PHP script from application form or any form from where you can upload a photo/video/ppt/etc . And then relocate the location of the PHP script by typing the name and location of the file in URL. The PHP script then run and may delete or stole your complete website . According to me the one solution is to put the uploading file in the folders like (62gHgU29hs) . So that the attacker cannot find the location but sometime our website itself start that PHP file so in that condition what can I do.?
Forum Thread: All About Sql Injection..
- Hot
- Active
-
Forum Thread:
Puri Hair Growth Formula
0
Replies
41 min ago -
Forum Thread:
InstaKeto
0
Replies
3 hrs ago -
Forum Thread:
http://thesupplementcop.com/ketolyn/
0
Replies
5 hrs ago -
Forum Thread:
Vialift XL Male Enhancement
0
Replies
6 hrs ago -
Forum Thread:
Ketogeniks Diet Supplement Ultimate Review [2019]
0
Replies
6 hrs ago -
Forum Thread:
http://thesupplementcop.com/ketolyn/
0
Replies
7 hrs ago -
Forum Thread:
How to Reset Netgear Router Password
0
Replies
8 hrs ago -
Forum Thread:
Bionatrol CBD Oil
0
Replies
8 hrs ago -
Forum Thread:
Help! Where Do I Simply Start in Learning Hacking or Cyber Security?
0
Replies
23 hrs ago -
Forum Thread:
Please Help
0
Replies
1 day ago -
Forum Thread:
Kali Linux WiFi Problem?
38
Replies
1 day ago -
Forum Thread:
How I can crack wireless router password?
0
Replies
3 days ago -
Forum Thread:
Metasploit Doesn't Find New Modules
0
Replies
3 days ago -
Forum Thread:
Connect to a Wifi Radius Server Remotely
0
Replies
4 days ago -
Forum Thread:
Airgeddon and My Wireless Adapter
0
Replies
4 days ago -
Forum Thread:
How to Hack a Facebook Page?
1
Replies
4 days ago -
Forum Thread:
How to Use Fluxion with a Single and Internal Wireless Card ??
1
Replies
4 days ago -
Forum Thread:
Kali Nethunter Not Working
1
Replies
5 days ago -
Forum Thread:
Cisco ASA Software 8.X/9.X - IKEv1 / IKEv2 Buffer Overflow
0
Replies
6 days ago -
Forum Thread:
Complete Guide to Creating and Hosting a Phishing Page for Beginners
18
Replies
1 wk ago
-
How To:
Identify Web Application Firewalls with Wafw00f & Nmap
-
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
-
How To:
Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
-
Android for Hackers:
How to Turn an Android Phone into a Hacking Device Without Root
-
How To:
Find Passwords in Exposed Log Files with Google Dorks
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
How To:
Hack Android Using Kali (Remotely)
-
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
-
Hack Like a Pro:
How to Hack Facebook (Facebook Password Extractor)
-
Hacking Windows 10:
How to Create an Undetectable Payload, Part 1 (Bypassing Antivirus Software)
-
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
How To:
Crack Shadow Hashes After Getting Root on a Linux System
-
How To:
Top 10 Things to Do After Installing Kali Linux
-
How To:
Find Anyone's Private Phone Number Using Facebook
-
How To:
Exploit Popular Linux File Managers with a Fake MP4
-
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
-
How To:
Haunt a Computer with SSH
-
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
-
How To:
The Hacks Behind Cracking, Part 1: How to Bypass Software Registration
-
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
7 Responses
Wheres the SQL injection? Sounds like they were able to upload and execute php script. Could you explain a little more details?
Here I am clicking this and hoping for a nice article on SQL injection..
Hey guys its not the tutorial !! I want ur help to defence my website against SQL injection !!
That's why - I am wondering why u guys not giving me replay.
Sorry for that but its not a tutorial..
What you are describing is not a SQL injection. That's XSS (cross site scripting) as far as I know.
For some reason SQL deals with a query like a string and if you put some raw user input into this query you can break it.
i.e. SELECT * FROM tblUser WHERE name = '[userinput]';
So if i enter for [userinput] something like " ' OR '1'='1' -- ", i would ignore the original WHERE statement and make a true statement followed by a commend.
You can do nearly everything you want now, i.e. make own query's.
Sry don't know much about XSS myself
if you use PHP you can make your page safe by using the PDO object. Just google "PHP PDO"
Share Your Thoughts