- Vulnerable system / internet website
- Magic code
- code string -> 'a or 'a' = a'
- a' or 't'='t
In the username field, enter = admin
In the password field, enter = `1 or `1`=`1
Or
In the username field, enter = `1 or `1`=`1
In the password field, enter = `1 or `1`=`1
The system cannot detect ( ` `@ ` ` ) because no username / password (user) is entered like that, only a string such as 1 or 1 = 1, not `1 or `1`=`1.
SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.
Reference: Wikipedia, the free encyclopedia
Purposes of SQL injection:
- DoS (Denial of Service)
- Access
- Modify
HOW TO PROTECT FROM SQL INJECTION
- protect at the application level
- server level
- if...else statement (in the login section)
- escape the ' 1 ' single quote
- parameterized statement
4. Username -> email
password -> password
(The following is example SQL code for the interface shown above)
$SQL = "SELECT nama_penyelia, tahap_penyelia, id_penyelia
FROM penyelia WHERE username = '$name' and
password = '$pass'";
* Place the code below to prevent SQL injection: that is, a condition whereby if a hacker enters the Magic Code x' or '1' = '1, the website detects it and access is denied.
* the variable name is sent / read from back to front, that is:
Purpose of the if...else statement = to -> (if it is your own website)
- check what $name contains
- reject if there is a single quote / reject if true
* Server + ModSecurity + Apache (to prevent injection at the server when many websites are involved)
* Set the single quote + SQL code (Magic string) on the server to reject any hacking attempt.
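The "parameterized statement" item above, shown beside the page's concatenated query, as an added example that is not code from the original post. It assumes PHP with PDO and an in-memory SQLite database; the table contents, the function names `login_concat` and `login_param`, and the sample accounts are constructed for illustration.

```php
<?php
// Constructed in-memory table using the column names from the page's query.
// The plaintext password column mirrors that query; a real table would store
// password_hash() output and check it with password_verify().
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE penyelia (id_penyelia INTEGER PRIMARY KEY,
    nama_penyelia TEXT, tahap_penyelia TEXT, username TEXT, password TEXT)");
$ins = $db->prepare("INSERT INTO penyelia
    (nama_penyelia, tahap_penyelia, username, password) VALUES (?, ?, ?, ?)");
$ins->execute(['Sample Admin', '1', 'admin', 'correct-horse']);  // constructed
$ins->execute(['Sample User', '2', 'obrien', "pa'ss"]);          // constructed

// The page's query: input is pasted into the SQL text, so a quote in the
// input closes the string literal and the rest is parsed as SQL.
function login_concat(PDO $db, string $name, string $pass): string {
    $sql = "SELECT nama_penyelia, tahap_penyelia, id_penyelia
            FROM penyelia WHERE username = '$name' and password = '$pass'";
    try {
        return $db->query($sql)->fetch(PDO::FETCH_ASSOC) ? 'ALLOW' : 'deny';
    } catch (PDOException $e) {
        return 'SQL error';   // the quote broke the statement
    }
}

// Parameterized statement: the SQL is prepared with placeholders and the
// input is bound afterwards as data, so a quote in it stays a literal quote.
function login_param(PDO $db, string $name, string $pass): string {
    $st = $db->prepare("SELECT nama_penyelia, tahap_penyelia, id_penyelia
        FROM penyelia WHERE username = :name AND password = :pass");
    $st->execute([':name' => $name, ':pass' => $pass]);
    return $st->fetch(PDO::FETCH_ASSOC) ? 'ALLOW' : 'deny';
}

$magic = "x' or '1' = '1";            // the magic string quoted on the page
$cases = [
    ['admin',  'correct-horse'],      // genuine login
    ['admin',  'wrong'],              // wrong password
    ['admin',  $magic],               // magic string as password
    [$magic,   $magic],               // magic string in both fields
    ['obrien', "pa'ss"],              // genuine password containing a quote
];
foreach ($cases as [$u, $p]) {
    printf("%-16s %-16s concat=%-9s param=%s\n", $u, $p,
        login_concat($db, $u, $p), login_param($db, $u, $p));
}
```

The concatenated query allows both magic-string rows and fails with an SQL error on the legitimate quoted password, while the parameterized query allows only the two genuine logins. An if...else check that rejects every single quote would also turn away that last legitimate login, which is why binding parameters is the stronger control.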