Disable the back button on a browser
<script language="javascript" type="text/javascript">
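// Push the browser forward again whenever this page is reached with Back.
function noBack()
{
window.history.forward();
}
noBack();
window.onload=noBack;
// Also run when the page is restored from the back/forward cache.
window.onpageshow=function(evt){if(evt.persisted)noBack();};
// An unload handler, even an empty one, makes some browsers skip that cache.
window.onunload=function(){void(0);};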
</script>
Disable the Right Click of Mouse
<script LANGUAGE="JavaScript">
<!--
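// Client-side only: the page source stays reachable by other means.
function click(e)
{
e = e || window.event; // older IE exposes the event as window.event
if (e.button==2)
{
alert("You Can NOT use the Right Mouse Button . No Sorry , It is my manager's spec!");
}
}
document.onmousedown=click;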
// -->
</script>
More will be added in the next few days....
Programming help in Java , JavaScript, .Net, PHP, webservices , XML, Jquery etc.,
Thursday, January 13, 2011
Tuesday, January 4, 2011
Understanding SQL Injection - Examples
SQL injection is a hacking technique which attempts to pass SQL commands through a web application for execution by a database.
SQL Injection arises because the fields available for user input allow SQL statements to pass through and query the database directly.
Common vulnerabilities that make your data access code susceptible to SQL injection attacks include:
Weak input validation.
Dynamic construction of SQL statements without the use of type-safe parameters.
Use of over-privileged database logins.
Here is a sample basic HTML form with two inputs, login and password.
<form method="post" action="http://testasp.myweb.com/login.asp">
<input name="name" type="text" id="name">
<input name="password" type="password" id="password">
</form>
The easiest way for the login.asp to work is by building a database query that looks like this:
SELECT *
FROM logins
WHERE username = '$username'
AND password = '$password'
If the variables $username and $password are taken directly from the user's input, this query can easily be compromised. Suppose that we gave "Joe" as a username and that the following string was provided as a password:
anything' OR 'x'='x
The query then becomes:
SELECT *
FROM logins
WHERE username = 'Joe'
AND password = 'anything' OR 'x'='x'
As the inputs of the web application are not properly sanitised, the use of the single quotes has turned the WHERE SQL command into a two-component clause.
The 'x'='x' part is guaranteed to be true regardless of what the first part contains.
This will allow the attacker to bypass the login form without actually knowing a valid username / password combination!
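The login query above built two ways, as an added example that is not code from the original post: Python's sqlite3 stands in for the ASP page and its database, and the table contents and helper names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the post's query.
    # Plaintext passwords only mirror that query; real systems store salted hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE logins (username TEXT, password TEXT)")
    db.executemany("INSERT INTO logins VALUES (?, ?)",
                   [("Joe", "joes-sample-pw"), ("O'Brien", "obriens-sample-pw")])
    return db

def login_concatenated(db, username, password):
    # Vulnerable: input becomes part of the SQL text, so a quote ends the literal.
    sql = ("SELECT * FROM logins WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchall()

def login_parameterized(db, username, password):
    # Hardened: the statement is fixed; input is bound as values, never parsed as SQL.
    sql = "SELECT * FROM logins WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchall()

def compare(username, password):
    # Run both versions on the same input; a failed parse is reported as "error".
    db = make_db()
    try:
        concatenated = len(login_concatenated(db, username, password))
    except sqlite3.OperationalError:
        concatenated = "error"
    bound = len(login_parameterized(db, username, password))
    return concatenated, bound

if __name__ == "__main__":
    cases = [
        ("Joe", "joes-sample-pw"),         # valid login
        ("Joe", "wrong"),                  # wrong password
        ("Joe", "anything' OR 'x'='x"),    # the string from the post
        ("O'Brien", "obriens-sample-pw"),  # legitimate name containing a quote
    ]
    for user, pw in cases:
        print(repr(user), repr(pw), "->", compare(user, pw))
```

Each result is the number of rows matched by the concatenated and the parameterized query; any non-zero count would be treated as a successful login.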
In the following example, assume that a web site is being used to mount an attack on the database. If you think about a typical SQL statement, you might think of something like:
SELECT ProductName, QuantityPerUnit, UnitPrice
FROM Products
WHERE ProductName LIKE '%'
The objective of the attacker is to inject their own SQL into the statement that the application will use to query the database. If, for instance, the above query was generated from a search feature on a web site, then the user may have entered "G" as their query. If the server-side code then inserts the user input directly into the SQL statement, it might look like this:
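// Vulnerable: the search text is concatenated straight into the SQL string.
string sql = "SELECT ProductName, QuantityPerUnit, UnitPrice " +
"FROM Products " +
"WHERE ProductName LIKE '" + this.search.Text + "%'";
SqlDataAdapter da = new SqlDataAdapter(sql, DbCommand);
da.Fill(productDataSet);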
This is all fine if the data is valid, but what if the user types something unexpected? What happens if the user types:
Note the initial apostrophe; it closes the opening quote in the original SQL statement. Also, note the two dashes at the end; that starts a comment, which means that anything left in the original SQL statement is ignored.
Now, when the attacker views the page that was meant to list the products the user has searched for, they get a list of all the names of all the objects in the database and the type of object that they are. From this list, the attacker can see that there is a table called Users. If they take note of the id for the Users table, they could then inject the following:
WHERE id = 1845581613;--
This would give them a list of the column names in the Users table. Now they have enough information to get access to a list of users, their passwords, and whether they have admin privileges on the web site.
Assuming that there is a table called Users which has columns called UserName and Password, it is possible to union that with the original query, and the results will be interpreted as if the UserName was the name of the product and the Password was the quantity per unit. Finally, because the attacker discovered that there is an IsAdmin column, they are likely to retrieve the information in that too.
Let us go to next page for Example 3.