How To Stop SQL Injection On Your Website

Website Hacking always hot topic between Hacker,some days before i am tell you how to hack a website by SQL Injection with picture.

For watch old Post Click Here

Today post about How to Safe your site against SQL Injection Attack because security of website too important for save your Data Base by access unauthorised person.

If your site SQL vulnerable then a hacker go to site login page and type tha administrator username and in the password field type or paste like this..

x' or '1'='1

If the site vulnerable then it login and you change all settings but how this code work.If you are able to log in then the code on side ...

$sql=

"SELECT*FROM users

"WHERE username="" . $username .

" AND password="" . $password ."";

then your code work as...

SELECT *FROM users WHERE username='admin' and PASSWORD='HrDe' or '1'='1

Here x' or '1'='1 has injected an extra phrase into the WHERE clause that means WHERE is always true,and this query will return a row contain the user's details.

If single user defined in the DB,then user's details will always returned else multiple users then one of those user will be returned at random.

How to safe website by Deface ?

How to fix vulnerable hole on your website,it's not difficult.Many ways to do it.If you work with MySQL then simply you fix it by using the

mysql_escape_string()

or

mysql_real_escape_string() function for example....

$userid=mysql_real_escape_string($userid);

$password=mysq;_real_escape_string($password);

$sql=

"SELECT*FROM users

"WHERE username="" . $username .

" AND password="" . $password ."";

This work as...

SELECT*FROM users WHERE username='admin' and PASSWORD='x\' or \'a\' =\'a

It backslashes(\) make the DB treat query like a normal character rather than as a delimiter,by it DB no interprets the SQL an OR in the WHERE clause.

This is one method but many ways open for you to protect yourself.

If this information helpful for you,so only enter your name and email id and write down your comment.

This is the small gift for my work by you.

Read more..

Hackarde Come 1 More Step Near You

Congrats! me and all viewer because your beloved blog "HACKARDE" come to near you 1 step more with Twitter.

Ya! it is right today "HACKARDE" start his Twitter Account because if you want like to near about "HACKARDE" so "HACKARDE" also like near about you.

All person know that today is the time of Social Networking and many people like to share our thing and work with other person,Twitter is a g8t place where you share your all passion.Many Companies CEO,biggest business man,Socialist,and Film Star follow twitter to connect with all person.

So i am thought why not "HACKARDE" share his view with his viewer,So the Result is Today "HACKARDE" launch his Twitter Account in Front of you.

My request to all viewer go to Twitter and Follow the "HACKARDE" for latest update.

For Follow "HACKARDE" Please click on the "FOLLOW ME ON TWITTER!" link which Shown in Blog at top right Side.

Read more..

BruCON Agnitio workshop Slides and Video Demonstration - Download

Workshop by David Rook at BruCON 2011 in Belgium. You can Download Slide from here.

Required for the Agnitio hands on demos:

• A 32bit Windows Operating System (XP or 7 preferably – VM will be fine)
• .NET framework 3.5 installed
• Agnitio v2.0 installed
• Download the Pandemobium Android and iOS source code
• Download the selected vulnerable open source application
• 
  

Optional
In addition to the list above the following things are optional depending on how hands on you want to be:

• Internet connection to download an application from the Android market place
• Eclipse IDE installed
• Android SDK installed
• Android Debug Bridge (adb) installed, this should be installed as part of the SDK install
• An AVD configured with the Android market place app installed (instructions here)
• I think you can also use a rooted Android device if you don’t want to use the emulator

Workshop format

• A quick look at static analysis and the strengths and weaknesses of humans and software
• What is Agnitio and why do I think checklists are a vital component of security code reviews
• Some examples of what can go wrong if you don’t use checklists to find and remove simple flaws
• Demos/hands on: using checklists in Agnitio to review source code, produce reports and metrics
• Demos/hands on: how to customise your Agnitio installation
• A look at mobile (Android and iOS) application security and how analysis is currently done
• Demo/hands on: using the mobile specific rule sets in the Agnitio static analysis module
• Demo/hands on: downloading an app from the marketplace and decompiling it using Agnitio.

Source:TheHackerNews

Read more..