According to Wikipedia, SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
A basic HTML website does not contain an SQL database (a database based on Structured Query Language), so this type of hack works only on SQL-based websites.
What is a Database? Why is it Important for a Website?
A database is a collection of data that an application calls on when required.
To explain this, let's take an example.
The attendance register of a classroom contains daily attendance records for each student; you can say this is a database of class attendance. Whenever the attendance of any student needs to be counted, the register is taken out for analysis. The same thing happens on a website. Whenever a new user registers on a website, all of his information is stored in the website's database for future use.
How a Hacker Hacks a Website?
Data is stored in a database with SQL (Structured Query Language), even the administration data. So if a hacker somehow gains access to the database, he can get the stored administration password (the owner's password for the website's admin panel, where you can add content or even completely delete the website).
But this is not all. Many criminal hackers gain access to the databases of online shopping websites to get stored credit cards and other confidential information, and they make money with it.
First, the hacker scans the whole website for vulnerabilities in the database.
After finding a loophole, he injects malicious code into the database.
Then, finally, the database is accessed and dumped (downloaded to his computer with all the information).
SQLi Dumper
SQLi Dumper is a secret program developed to find websites with weak security on the internet, and this program is powerful enough to dump databases quickly.
Certain "dorks" are entered in the search option, e.g. Php?=
The websites which contain this string will be scanned first.
After a successful scan, a list of websites appears on the screen.
In the next step, this list is scanned again to find exploitable websites.
And finally, the shortlisted websites are scanned for injectable websites which can be easily hacked with this program.
Q:- Simple, right?
A:- No, absolutely not.
If any hacker does this without any previous knowledge of hiding his IP (Internet Protocol) address, which is a unique identification of every individual internet user, he will be in trouble for sure.
Hiding an IP is an art and a completely different secret nobody will tell you. But we will get into this and explain it further in another chapter.
Hacking is a crime, but having the knowledge can save you from being hacked.
It depends on you and how you use this information, just like fire can burn you but can also cook food for you.