sql injection
website hacking
According to Wikipedia
SQL injection is
a code injection technique, used to attack data-driven applications,
in which malicious SQL statements are inserted into an entry
field for execution (e.g. to dump the database contents to the attacker).
A Basic HTML Website does not contain a
SQL database which is based on structured query language. So This type of hack
works only for SQL based websites.
What is a Database? Why it is
Important for a website?
Database is a collection of data which is called by an application when required.
For explaining this lets take help from an example.
An attendance register of a class room contains daily attendance records for each student, you can say this is a database of class attendance. Whenever there is a requirement of counting attendance of any student, the register is taken for analysis, same thing happens in a website. Whenever a new user got registered on a website, his all information kept stored in database of the website for future.
How a Hacker Hacks a Website?
Data is Stored in a Database with SQL (Structured Query Language) Even the Administration data. So if somehow hacker gained access to the database, he can get the stored administration password (Owner’s Password to gain access to Website’s Admin panel. Where you can add contents or even completely delete the website)
But this is not Enough, Many Criminal Hackers Gain access to the database of Online Shopping Websites to get Stored Credit Cards and other Confidential information and they Make Money With it.
At first Hacker Scan the whole website for Vulnerabilities in database.
After finding a loophole, he injects malicious codes in the database.
Than Finally the database is accessed and dumped (Downloaded to his computer with all the information)
SQLI Dumper
SQLI Dumper is a secret program developed to find out weak security websites from the internet and this program is powerful enough to dump databases quickly.
Certain “Dorks” is entered in the search option for eg. Php?=
So the websites which contain this string will be scanned first.
After a successful scan a list of websites appears on the screen.
In next step again this list is again scanned for finding exploitable websites.
And finally the shortlisted website is scanned for injectable websites which can be easily hacked with this program.
Simple, Right ?
No, absolutely not.
If any hacker do this without any
previous knowledge of hiding his Ip (internet protocol) which is a unique
identification of every individual internet user, he will be in trouble for
sure.
Hiding an ip is an art and a completely different secret nobody will tell you. But We will get into this to explain it further in an another chapter.
Hacking is a crime, But Having a knowledge can save you from being hacked.
It Depends on you. How you use this information. Just like fire can burn you but It can also cook food for you.
Comments
Post a Comment