How to defend yourself from SQL injection. All I know is that the attacker upload a PHP script from application form or any form from where you can upload a photo/video/ppt/etc . And then relocate the location of the PHP script by typing the name and location of the file in URL. The PHP script then run and may delete or stole your complete website . According to me the one solution is to put the uploading file in the folders like (62gHgU29hs) . So that the attacker cannot find the location but sometime our website itself start that PHP file so in that condition what can I do.?
Forum Thread: All About Sql Injection..
- Hot
- Active
-
Forum Thread:
Once Upon a Time in Hollywood Movie Gets Oscar Boost at Critics_iMdB
0
Replies
3 min ago -
Ash vs Terminator:
Dark Fate | Den of Geek
0
Replies
14 min ago -
4K Review:
'Gemini Man' Movie Pushes 4K All the Way_iMdB
0
Replies
20 min ago -
Forum Thread:
Last Christmas the Review | Movie - Empire
0
Replies
31 min ago -
The Addams Family Movie Clip:
A New City and neighbors_iMdB
0
Replies
34 min ago -
Forum Thread:
Character Posters for Maleficent: Mistress of Evil Movie_iMdB
0
Replies
47 min ago -
Forum Thread:
Queen & Slim 's Taika Waititi Might Direct a New Star Wars Movie, Report Says
0
Replies
48 min ago -
Forum Thread:
Keto Trim 800 - It Is World Best Formula for Weight Lose!
0
Replies
1 hr ago -
Forum Thread:
health2wealthclub.Com/Keto-Trim-800/
0
Replies
1 hr ago -
Forum Thread:
Where to Buy Optimal Rock!
0
Replies
1 hr ago -
Joker' Movie 4K Blu-Ray Review:
Phoenix Rising_iMdB
0
Replies
1 hr ago -
Uncut Gems Movie Review :
Another Pointless reboot_iMdB
0
Replies
1 hr ago -
Forum Thread:
“the Grudge” Movie Director Discusses the Film's Canon_iMdB
0
Replies
2 hrs ago -
Forum Thread:
Midnight Family Official Trailer
0
Replies
2 hrs ago -
Forum Thread:
Robbie Disturbed by Bombshell Movie scene_iMdB
0
Replies
2 hrs ago -
Forum Thread:
The Frozen II ' Reveals the Roots of Sam ...
0
Replies
2 hrs ago -
Forum Thread:
How Long Is Movie Charlie's Angels ?
0
Replies
2 hrs ago -
Forum Thread:
A Beautiful Day in the Neighborhood Movie Cross $16 Million_iMdB
0
Replies
2 hrs ago -
Forum Thread:
Marvel Finally Owns the Rights to 21 Bridges , Will Mark Ruffalo
0
Replies
3 hrs ago -
Queen & Slim Review:
Five Stars for This Exhilarating film_iMdB
0
Replies
3 hrs ago
-
How To:
Break into Router Gateways with Patator
-
How To:
Crack Wi-Fi Passwords with Your Android Phone and Get Free Internet!
-
How To:
Brute-Force SSH, FTP, VNC & More with BruteDum
-
How To:
Steal Ubuntu & MacOS Sudo Passwords Without Any Cracking
-
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
-
Hack Like a Pro:
How to Hack Facebook (Facebook Password Extractor)
-
How To:
Use SUDO_KILLER to Identify & Abuse Sudo Misconfigurations
-
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
-
Android for Hackers:
How to Turn an Android Phone into a Hacking Device Without Root
-
How To:
Hack Android Using Kali (Remotely)
-
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
-
How To:
Crack Shadow Hashes After Getting Root on a Linux System
-
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
-
How To:
Top 10 Things to Do After Installing Kali Linux
-
How to Hack Wi-Fi:
Cracking WPA2 Passwords Using the New PMKID Hashcat Attack
-
How To:
Check if Your Wireless Network Adapter Supports Monitor Mode & Packet Injection
-
How To:
Hack Apache Tomcat via Malicious WAR File Upload
-
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
-
How To:
Find Anyone's Private Phone Number Using Facebook
-
Hack Like a Pro:
How to Secretly Hack Into, Switch On, & Watch Anyone's Webcam Remotely
7 Responses
Wheres the SQL injection? Sounds like they were able to upload and execute php script. Could you explain a little more details?
Here I am clicking this and hoping for a nice article on SQL injection..
Hey guys its not the tutorial !! I want ur help to defence my website against SQL injection !!
That's why - I am wondering why u guys not giving me replay.
Sorry for that but its not a tutorial..
What you are describing is not a SQL injection. That's XSS (cross site scripting) as far as I know.
For some reason SQL deals with a query like a string and if you put some raw user input into this query you can break it.
i.e. SELECT * FROM tblUser WHERE name = '[userinput]';
So if i enter for [userinput] something like " ' OR '1'='1' -- ", i would ignore the original WHERE statement and make a true statement followed by a commend.
You can do nearly everything you want now, i.e. make own query's.
Sry don't know much about XSS myself
if you use PHP you can make your page safe by using the PDO object. Just google "PHP PDO"
Share Your Thoughts