How to defend yourself from SQL injection. All I know is that the attacker upload a PHP script from application form or any form from where you can upload a photo/video/ppt/etc . And then relocate the location of the PHP script by typing the name and location of the file in URL. The PHP script then run and may delete or stole your complete website . According to me the one solution is to put the uploading file in the folders like (62gHgU29hs) . So that the attacker cannot find the location but sometime our website itself start that PHP file so in that condition what can I do.?
Forum Thread: All About Sql Injection..
- Hot
- Active
-
Forum Thread:
Need Drivers for TP-Link TL-WN722N on Android.
1
Replies
5 hrs ago -
Forum Thread:
ZIP Files Sometimes Gives an Error
3
Replies
9 hrs ago -
Forum Thread:
[Problem] Meterpreter, Migrate and Antivirus
2
Replies
10 hrs ago -
Forum Thread:
Error When Opening Excel Files
0
Replies
10 hrs ago -
Forum Thread:
How Can I Hack My College's Website to Change My Transcript
9
Replies
14 hrs ago -
Forum Thread:
How to Log in to Your Friends Instagram Account (Physically)
5
Replies
1 day ago -
Forum Thread:
How to Encrypt a Shellcode ?
0
Replies
1 day ago -
Forum Thread:
Using a Wireless USB Adapter in Kali 2.0
6
Replies
2 days ago -
Forum Thread:
Hacking Android Problem!
4
Replies
2 days ago -
Forum Thread:
How to Use NGROK in a Reverse_Tcp Attack?
6
Replies
2 days ago -
Forum Thread:
How to Really Become Pro Hacker ?
5
Replies
2 days ago -
Forum Thread:
Efficient Python Based Crawler
0
Replies
3 days ago -
Forum Thread:
How to Make the Raspberry Pi Zero W into a Usb Rubber Ducky?
5
Replies
3 days ago -
Forum Thread:
DNS Spoofing Doesn't Work
1
Replies
3 days ago -
Forum Thread:
This Is the Girl Who Wrote "I'm Being Hacked Like Mr. Robot," Topic Cont., New Info, Desperate for Help!
5
Replies
4 days ago -
Forum Thread:
How to Hack a Android Phone Connected on a Same Wifi Router
19
Replies
4 days ago -
Forum Thread:
Alfa awus036h Not Working on 64bit Macbook Air Sierra
0
Replies
4 days ago -
Forum Thread:
How to Hack Wireless Password Through MAC Address and IP Address
18
Replies
5 days ago -
Forum Thread:
Hack a Raspberry Pi with Metasploit | Metasploit Exploitation Basics
0
Replies
5 days ago -
Forum Thread:
How to Hack Wifi Network with CMD
62
Replies
5 days ago
-
How to Hack Wi-Fi:
Build a Software-Based Wi-Fi Jammer with Airgeddon
-
How To:
4 Ways to Crack a Facebook Password & How to Protect Yourself from Them
-
How To:
Crack Any Master Combination Lock in 8 Tries or Less Using This Calculator
-
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
-
How To:
Get Unlimited Free Trials Using a "Real" Fake Credit Card Number
-
How To:
Set Up a Headless Raspberry Pi Hacking Platform Running Kali Linux
-
How to Hack Wi-Fi:
Capturing WPA Passwords by Targeting Users with a Fluxion Attack
-
Hack Like a Pro:
How to Secretly Hack Into, Switch On, & Watch Anyone's Webcam Remotely
-
Hack Like a Pro:
How to Crack Passwords, Part 1 (Principles & Technologies)
-
Hack Like a Pro:
How to Remotely Install a Keylogger onto Your Girlfriend's Computer
-
Hack Like a Pro:
How to Spy on Anyone, Part 1 (Hacking Computers)
-
How To:
Install OpenVAS for Broad Vulnerability Assessment
-
Mac for Hackers:
How to Get Your Mac Ready for Hacking
-
How To:
Set Up SoftEther VPN on Windows to Keep Your Data Secure
-
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
-
Advice from a Real Hacker:
How to Know if You've Been Hacked
-
How To:
Hack Windows 7 (Become Admin)
-
How To:
Successfully Hack a Website in 2016!
-
How To:
Map Networks & Connect to Discovered Devices Using Your Phone
-
How To:
Create a Bump Key to Open Any Door
7 Responses
Wheres the SQL injection? Sounds like they were able to upload and execute php script. Could you explain a little more details?
Here I am clicking this and hoping for a nice article on SQL injection..
Hey guys its not the tutorial !! I want ur help to defence my website against SQL injection !!
That's why - I am wondering why u guys not giving me replay.
Sorry for that but its not a tutorial..
What you are describing is not a SQL injection. That's XSS (cross site scripting) as far as I know.
For some reason SQL deals with a query like a string and if you put some raw user input into this query you can break it.
i.e. SELECT * FROM tblUser WHERE name = '[userinput]';
So if i enter for [userinput] something like " ' OR '1'='1' -- ", i would ignore the original WHERE statement and make a true statement followed by a commend.
You can do nearly everything you want now, i.e. make own query's.
Sry don't know much about XSS myself
if you use PHP you can make your page safe by using the PDO object. Just google "PHP PDO"
Share Your Thoughts