What is SQL Injection?

Published by Abhishek Upadhayay on

SQL INJECTION

Website hacking

According to Wikipedia:

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

A basic HTML website does not have a database queried with SQL (Structured Query Language), so this type of attack works only against SQL-based websites.

What is a database, and why is it important for a website?

A database is a collection of data that an application calls on when required.

To explain this, let's take an example.

An attendance register of a classroom contains the daily attendance records for each student, so you can say it is a database of class attendance. Whenever the attendance of a student needs to be counted, the register is taken out for analysis. The same thing happens on a website: whenever a new user registers, all of his information is stored in the website's database for future use.

 

How does a hacker hack a website?

Data, including administration data, is stored in a database and accessed with SQL (Structured Query Language). So if a hacker somehow gains access to the database, he can get the stored administration password (the owner's password for the website's admin panel, where content can be added or the website completely deleted).

But this is not all. Many criminal hackers gain access to the databases of online shopping websites to get stored credit cards and other confidential information, and they make money with it.

First, the hacker scans the whole website for vulnerabilities in the database.

After finding a loophole, he injects malicious SQL code through the website's entry fields so that the database executes it.

Finally, the database is accessed and dumped (downloaded to his computer with all the information).
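
What the "loophole" looks like in a website's own code, and how it is closed, shown as an added example that is not part of the original post. The table, the function names and the sample values are constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

def make_db():
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "owner"), ("alice", "member")])
    return db

def lookup_vulnerable(db, name):
    # VULNERABLE: the entry-field value is pasted into the SQL text,
    # so a quote character in it changes the structure of the statement.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in db.execute(sql))

def lookup_safe(db, name):
    # HARDENED: the value is bound to a ? placeholder; the database
    # receives it as data and never parses it as SQL.
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in db.execute(sql, (name,)))

def raises_on_lone_quote(lookup, db):
    """Developer-side check: a single quote must not break the query.
    A syntax error here means user input is reaching the SQL parser."""
    try:
        lookup(db, "'")
        return False
    except sqlite3.OperationalError:
        return True

# Constructed input containing quote characters.
CRAFTED = "nobody' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal input :", lookup_vulnerable(db, "alice"))
    print("vulnerable, crafted input:", lookup_vulnerable(db, CRAFTED))
    print("safe, crafted input      :", lookup_safe(db, CRAFTED))
    print("vulnerable breaks on ':", raises_on_lone_quote(lookup_vulnerable, db))
    print("safe breaks on '      :", raises_on_lone_quote(lookup_safe, db))
```

The concatenated query returns every row for the crafted input, while the parameterized query returns none because no user has that literal name.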

SQLI Dumper

SQLI Dumper is a secret program developed to find websites with weak security on the internet, and it is powerful enough to dump databases quickly.

Certain "dorks" are entered in the search option, e.g. Php?=

So the websites which contain this string will be scanned first.

After a successful scan, a list of websites appears on the screen.

In the next step, this list is scanned again to find exploitable websites.

Finally, the shortlisted websites are scanned for injectable ones, which can be easily hacked with this program.

Simple, right?

No, absolutely not.

If a hacker does this without prior knowledge of hiding his IP (Internet Protocol) address, which is a unique identification of every individual internet user, he will be in trouble for sure.

Hiding an IP is an art and a completely different secret nobody will tell you. But we will explain it further in another chapter.

Hacking is a crime, but having knowledge can save you from being hacked.

It depends on you and how you use this information. Fire can burn you, but it can also cook food for you.
