A tutorial by Abax
Introduction:
Many "script kiddies" out there try to use injections to their advantage. I will show you how simple, and slightly
more advanced, injections work, as well as how to protect yourself from these so-called "MySQL injections".
Requirements:
- Basic HTML knowledge
- Basic JavaScript knowledge
- Basic MySQL knowledge
- A site that is open to this attack, or make one =)
Basic Outline:
From time to time there is someone who will try to attack your site, or heck, it could be you trying to use
MySQL injections, but it comes down to the fact that you need to know how they work if you are big on site
creation/development or maintenance/security. There are many types of attacks, but the worst, and possibly the
easiest, would be a MySQL injection or a Server Side Include.
In this case let's say you made a site that uses MySQL to store/receive data, maybe for an administrator panel or
member login. Either way, you need it to be secure for many reasons, so what is the best way to protect yourself?
Some client-side protections and some server-side protections, but before we can think about protecting against the
attack we have to see how it is done.
The most commonly known SQL injection would be to go to an admin panel, plop in an injection and gain control of the
site, which is a huge no-no. So how is this done? A couple of ways, heck, a lot. I will cover the basics here and
some more advanced ones later on in a different tutorial.
So if we look at this code, what does it do to MySQL?
'or''='
If you know some "MySQL scripting", you would know that it turns the check into "the field equals nothing, or empty
equals empty", which is always true, so it matches the admin username/password or whatever the field holds. So that's
one, and there can be many; for example, here is a big list I have:
1'or'1'='1
admin'--
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
So you get the point: all it is doing is selecting the appropriate table. Now, if we injected this into a form for
admin login we could very easily gain access, which ain't bad for copying and pasting this small bit of code.
But there is a small problem: depending on the site, it may restrict certain characters or only give you 6 character
spaces to work with. This is where some common sense, JavaScript injection and HTML coding come into play.
This is probably the most important part apart from the security. You will need some sort of code to make the
input's maxlength value bigger or remove a JavaScript function that cleans the input, or even disable the server-side
checks, which is really hard. But to be nice I will explain some basic JavaScript injection so you can make some
things work out; if you haven't already, you should look at the nice JavaScript Injection tutorial, which explains
it and the code.
Make the "password" field's maxlength value 30:
javascript:void(document.forms[0].password.maxlength=30)
Check it with:
javascript:alert(document.forms[0].password.maxlength)
Now that you have seen a basic way of exploiting some unsafe sites, how do you make yours safer? Mainly by blocking
bad input, checking the referer URL, checking the length of fields, and making a server-side checker so that it's
almost unbeatable. I will only cover a fraction: this is where you have to code a simple JavaScript function that
checks whether the input is good and returns an answer based on that. I will not supply the code, but here is the
theory: check through every char, and if the char is not a good char, for example ' " = < > etc.
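The protection advice above (block bad characters, check field lengths, add a server-side checker) and the earlier
point that a visitor can change a browser-side maxlength both come down to one rule: the check that matters has to
run on the server, and the safest server-side fix is to keep user input out of the SQL text altogether. The example
below is added here and is not Abax's code. It uses Python's sqlite3 module as a stand-in for MySQL (the quoting
behaves the same for this input), builds the login query the unsafe way and the parameterized way, runs the
tutorial's `' or ''='` input through both, and adds a server-side version of the "good char" and 30-character checks.
The table, user and password are constructed sample data.

```python
import re
import sqlite3

# Constructed sample data for the demo (not from the tutorial).
SAMPLE_USER = "admin"
SAMPLE_PASSWORD = "correct-horse"  # a real site stores a password hash, not the password itself

# One of the tutorial's inputs, used only to show that the two queries react differently.
TRICKY_INPUT = "' or ''='"


def make_db():
    """In-memory SQLite stand-in for the tutorial's MySQL users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", (SAMPLE_USER, SAMPLE_PASSWORD))
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the WHERE clause by string concatenation.

    A quote in the input closes the string literal early, so the rest of the
    input is read as SQL:  ... AND password = '' or ''=''  is true for every row.
    """
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    """Same check with placeholders: the values travel separately from the SQL
    text, so quotes and 'or' inside them are compared as data, never executed."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# Server-side version of the tutorial's "good char" and length checks: an allowlist
# of letters, digits and underscore, and the 30-character limit from the maxlength
# example, enforced where the browser cannot change it.
USERNAME_PATTERN = re.compile(r"[A-Za-z0-9_]{1,30}")


def validate_username(username):
    """True only if the username uses allowed characters and is 1 to 30 characters long."""
    return USERNAME_PATTERN.fullmatch(username) is not None


def demo():
    """Run both login styles against the real password and the tricky input."""
    conn = make_db()
    return {
        "vulnerable/real password": login_vulnerable(conn, SAMPLE_USER, SAMPLE_PASSWORD),
        "vulnerable/tricky input": login_vulnerable(conn, SAMPLE_USER, TRICKY_INPUT),
        "parameterized/real password": login_parameterized(conn, SAMPLE_USER, SAMPLE_PASSWORD),
        "parameterized/tricky input": login_parameterized(conn, SAMPLE_USER, TRICKY_INPUT),
        "validate('admin')": validate_username(SAMPLE_USER),
        "validate(tricky input)": validate_username(TRICKY_INPUT),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result}")
```

Run it directly to see the six results. The only thing that differs between the two login functions is how the
user's text reaches the SQL engine, which is why placeholders are a stronger fix than any character filter, client-
or server-side; the allowlist check is still worth keeping as a second layer, and the vulnerable function is there
only for the comparison.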

