Hi friends, Everyone like to be a master hacker but for that you must know all the techniques. So in this series we are going to see the SQL injection which is one of the most popular and powerful techniqe.
In this series we are going to cover it in the following steps
- First we are going to see what is SQL and what is SQL injection. Because we must know the background before we attack it
- Then we are going to see the types of SQL or SQL engines.
- After that we are going to look the structure of SQL because you know the structure then only you could know the vulnerability in it.
- After that we are going to learn how to find the vulnerability.
- and after that we are going to learn to exploit the vulnerability
- And finally we are going to see how to secure these vulnerabilities.
what is SQL
SQL which stands for the Structured Query Language.It is help to store, modify and update data secure, fast and reliable manner.
This SQL is used in the places where the data is want to be store, edit or update in a structured way. mostly in websites and web applications.
In this series i am going to use PHP as a scripting language in my examples. PHP is a webscript engine. It is commonly used in creating websites and applications. Now Now, you might think;
But if I only learn this on one type of script, don’t I have to learn all of this for all other types of scripts?(ASP, ASP.NET, Java, Perl, CGI, and etc)
The answer is No, because the concept remains the same. Additionally I will be using MySQL as the SQL engine in examples.
Theoretically SQL can be used by any script engine as it is basically just a application listening on a port on a server waiting for commands/instructions. The only requirement is the ability to use TCP/IP protocol. However some script engines like PHP and ASP(.net) got pre-made classes and functions for some of the most common SQL engines. Making it a whole lot easier to interact with the SQL server.
In order to run PHP scripts(at least in a browser) you are going to need a PHP supported web server. It is not required to write a single line of code or install anything on your computer to complete this tutorial. But its a good idea to experiment with all of the elements in this tutorial. PHP, MySQL and web server(I recommend apache).
Learn more about PHP: http://php.net | http://en.wikipedia.org/wiki/PHP
Learn more about SQL: http://en.wikipedia.org/wiki/SQL
Learn more about MySQL: http://mysql.com | http://www.tizag.com/mysqlTutorial/ |http://en.wikipedia.org/wiki/MySQL
Learn more about Apache: http://en.wikipedia.org/wiki/Apache_HTTP_Server
Learn more about SQL: http://en.wikipedia.org/wiki/SQL
Learn more about MySQL: http://mysql.com | http://www.tizag.com/mysqlTutorial/ |http://en.wikipedia.org/wiki/MySQL
Learn more about Apache: http://en.wikipedia.org/wiki/Apache_HTTP_Server
PS. If you want a really quick way of installing all of the elements above, install WAMP for Windows. Its a all-in-one Apache, MySQL and PHP system for Windows.
I think thats enough today. lets have a look of the types of SQL or SQL engines in our next article. Until then stay turned. 
Post a Comment