Impressions
Friday, February 18, 2011
SQL Injection Prevention Tips from Rahul Tyagi (A Must for Web Developers)
SQL injection is still used by script kiddies, grey hats and even black hat hackers; it is one of the easiest ways to break into someone's website. So in this article I will give you some tips on how to prevent SQL injection on your own website, or maybe your company's.
1. Don't allow special characters. SQL injection strings almost always rely on special characters, typically a quote followed by some combination of OR and =. A query built by pasting user input straight into SELECT * FROM users WHERE Username='...' AND Password='...' is the classic vulnerable pattern, and it is everywhere. Prefer stored procedures or prepared statements that bind the values as parameters instead of building the SQL string, and validate your input so that characters with SQL meaning (quotes, semicolons, comment markers) are rejected wherever they are not expected.
2. Use an email address instead of a user ID
One good way to cut down SQL injection on the login form is to use the email address as the username. The login code then validates the field strictly as an email address and rejects anything else, so the usual SQL injection strings (quotes, OR 1=1, comment markers) never reach the query. Note that this is input whitelisting, not a substitute for parameterized queries: a syntactically valid email address can still contain a single quote in its local part (o'brien@example.com is legal), so the value must still be bound as a parameter or escaped before it is used in SQL.
3. Try to hide your admin login page
There is no absolute security in this universe, only opportunity, and if you link your ADMINLOGIN page from your public website you are handing that opportunity to the hacker. SQL injection is most often attempted against the admin login panel and the user login panel (and sometimes through URL parameters, as in the PHP examples further down), so don't link the admin login page directly from your website. Hiding the page cuts down casual attempts; it does not fix a vulnerable query, which still has to be parameterized.
4. Don't use the default admin login page name
Another way to protect your website is to name your admin login page something of your own choosing, for example "powerlogin.asp" or "herologin.asp", something different that cannot be found easily with Google hacks (search operators that turn up common filenames). When a hacker goes looking for your admin login page, he or she will search for adminlogin.asp, admin/login.asp and the like, find nothing, get frustrated and leave your website alone. Keep in mind this is security through obscurity: it raises the cost of finding the page, but does nothing against an attacker who already knows the URL or who finds it by crawling or directory brute-forcing.
5. Social Engineering
Don't disclose your website's vulnerabilities to anyone. Get help from God himself, and by God here I mean Google: instead of discussing your website's vulnerabilities with a single person, search for the solutions on Google. Last but not least, put a warning message on your login pages, something scary like "We are using a transparent proxy. Do not try to hack this site, otherwise legal action will be taken." That really does work, to a degree: at least the attacker will think twice before trying to hack into your website. I hope this article helps website developers prevent SQL injection attacks. This is the first article by anyone with these techniques, so please don't copy it; I hope to take out a copyright on it soon. Happy hacking :)
There are a number of other things you can do. I will show you a few more here for PHP developers.
Alternative one
Let's say this is your code:
Code:
<?php
// Vulnerable: whatever arrives in $_GET['id'] is concatenated straight into the SQL.
$result = mysql_query('SELECT text FROM pages WHERE id=' . $_GET['id']);
$row = mysql_fetch_assoc($result);
echo($row['text']);
?>
This selects the page content (the 'text' column) from the 'pages' table in the SQL database, picking the right page with $_GET['id'], which is the value taken from the URL. Example: http://google.com/index.php?id=123
This code is easily injectable, because whatever follows id= in the URL is pasted into the query unchanged. But if you do this:
Code:
<?php
// Escaped, but the value is still pasted into an unquoted numeric position.
$result = mysql_query('SELECT text FROM pages WHERE id=' . mysql_real_escape_string($_GET['id']));
$row = mysql_fetch_assoc($result);
echo($row['text']);
?>
Better, but not 100% secure. mysql_real_escape_string only escapes quotes, backslashes and NUL bytes, and here the value is not inside quotes, so an input such as 1 OR 1=1 contains nothing to escape and still rewrites the WHERE clause. Escaping only helps for values that sit between quotes in the SQL. For a numeric id, cast it to an integer first, or better still use a prepared statement with a bound parameter (mysqli or PDO), which keeps the data out of the SQL text entirely.
Alternative two
This one is not as good as the first, but it still helps.
Again, say this is your PHP code:
Code:
<?php
// Vulnerable: whatever arrives in $_GET['id'] is concatenated straight into the SQL.
$result = mysql_query('SELECT text FROM pages WHERE id=' . $_GET['id']);
$row = mysql_fetch_assoc($result);
echo($row['text']);
?>
Again, this is very simple to inject. But you can check $_GET['id'] for "illegal" keywords before running the query, like this:
Code:
<?php
// Reject the request if the id contains any of these keywords
// (case-insensitive substring match), then run the query as before.
$id = strtolower($_GET['id']);
foreach (array('union', 'select', 'information_') as $keyword) {
    if (strrpos($id, $keyword) !== false) {
        die;
    }
}
$result = mysql_query('SELECT text FROM pages WHERE id=' . $_GET['id']);
$row = mysql_fetch_assoc($result);
echo($row['text']);
?>
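To see what the two PHP alternatives actually buy you, here is an added example that is not part of the original post. It is written in Python against an in-memory SQLite database rather than PHP and MySQL, so it runs offline, but it builds the same four queries: raw concatenation (Alternative one, before), escaping without quotes (Alternative one, after), the keyword blacklist (Alternative two), and a type-checked, parameterized version as the real fix. The escape_string function is a hypothetical stand-in that does what mysql_real_escape_string does to quotes, backslashes and NUL; the sample rows and the payload 1 OR 1=1 are constructed for the demo.

```python
import sqlite3

# Constructed sample rows standing in for the blog's "pages" table; the id 99
# row plays the part of content a visitor should not reach by tampering with id.
SAMPLE_PAGES = [
    (1, "public page one"),
    (2, "public page two"),
    (99, "secret admin notes"),
]

# The words checked by "Alternative two" (substring, case-insensitive).
BLACKLIST = ("union", "select", "information_")


def make_db():
    """In-memory SQLite database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, text TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?)", SAMPLE_PAGES)
    return conn


def escape_string(value):
    """Hypothetical stand-in for PHP's mysql_real_escape_string: backslash-escapes
    quotes, backslashes and NUL. Spaces, '=' and SQL keywords pass through untouched,
    which is why it cannot protect a value pasted into an unquoted position."""
    return (value.replace("\\", "\\\\")
                 .replace("'", "\\'")
                 .replace('"', '\\"')
                 .replace("\x00", "\\0"))


def page_text_concat(conn, page_id):
    """Alternative one, before: raw concatenation of the id into the SQL."""
    sql = "SELECT text FROM pages WHERE id=" + page_id
    return [row[0] for row in conn.execute(sql)]


def page_text_escaped(conn, page_id):
    """Alternative one, after: escaped, but still concatenated into an unquoted position."""
    sql = "SELECT text FROM pages WHERE id=" + escape_string(page_id)
    return [row[0] for row in conn.execute(sql)]


def page_text_blacklist(conn, page_id):
    """Alternative two: 'die' (return None) if a blacklisted word appears, else concatenate."""
    lowered = page_id.lower()
    if any(word in lowered for word in BLACKLIST):
        return None
    return page_text_concat(conn, page_id)


def page_text_param(conn, page_id):
    """The fix: enforce the expected type, then bind the value as a query parameter."""
    if not page_id.isdigit():
        raise ValueError("id must be a positive integer")
    rows = conn.execute("SELECT text FROM pages WHERE id=?", (int(page_id),))
    return [row[0] for row in rows]


def demo(payload="1 OR 1=1"):
    """Run one payload through every variant and report what each one returned."""
    conn = make_db()
    try:
        param_result = page_text_param(conn, payload)
        param_rejected = False
    except ValueError:
        param_result = []
        param_rejected = True
    return {
        "legit": page_text_concat(conn, "1"),
        "concat": page_text_concat(conn, payload),
        "escaped": page_text_escaped(conn, payload),
        "blacklist": page_text_blacklist(conn, payload),
        "blacklist_union": page_text_blacklist(conn, "1 UNION SELECT text FROM pages"),
        "param_rejected": param_rejected,
        "param": param_result,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:16} {value!r}")
```

Running it shows that the legitimate id 1 returns one page, while 1 OR 1=1 returns every row under raw concatenation, under escaping (there is nothing to escape in that payload), and under the blacklist (none of the three words appear in it); the blacklist only stops the UNION SELECT probe it was written for. The parameterized variant rejects the payload before any SQL is built, and even if the type check were missing the value would be bound as data, not parsed as SQL.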
Labels: Hacking