Hello dosto swagat hai aapka hamare blog hindi idea me aaj hum aapko batayenge ki SQL injection kya hota hai ? iska use website hack karne me kaise kiya jata hai.
SQL injection kya kyu kaise ?
friend SQL injection techniq aisa website vernerability hai, jisse website ko bahut hi kam time me hack kiya ja sakta hai.
SQL injection kya hai?
SQL(Structured Query Language) injection ek aisi techniq hai, jiske jariye website me malicious code inject kiya jata hai. uske bad website ke database se website ka admin panel ke sath website ka password aur username nikala jata hai.
apko SQL injection ko samjane se pahle ye janna jarruri hai, ki ek website banti kaise hai. website me HTML file kya hota hai. website database kya hota hai? agar apne kabhi koi website banayi hogi to apko pata hoga ki ek website ke 2 part hote hai, jisse milkar website banta hai.
#1. HTML file - jab ham koi website banate hai, tab hame website ko design karna padta hai, aur uske liye hame coding karna padta hai. aur jab ham apne coding se website ko banate hai, to o puri ek hamari website ki script banti hai aur us script ko hame server me upload karna padta hai, tab hamara website banta hai.
#2. Database - database banane ke liye mySQL jaise language ka use kiya jata hai. ye website ke data hote hai, jo ki table aur collom ke format me hote hai. alag alag table me alag alag data hota hai. aur isi database me website ke onwer ka detail website login page & website admin panel ka username and password hota hai. jiske jariye website ka onwer website me enter karta hai aur website me koi bhi update karta hai.
to dosto ab apko DataBase kya hai & HTML file kya hai iske bare me pata chal gaya hai, lekin ab question ye ata hai, ki SQL injection se website hack kaise ho jati hai, aur SQL injection vernerability work kaise karti hai.
to dosto website ko hack karne ke liye bahut sare tarike hai, lekin agar ham kisi website ke database ko sida target kare to, kyoki website ka agar sara detail database me hai, aur agar hamare pass database a gaya matlab website hamare controle me. isliye hacker website ko hack karne ke liye database ko target karte hai.
SQL injection Vernerability
Dosto jo bhi website me database hai, wo website ke liye cammand ke form me work karti hai. jaise
hindidea.blogspot.com ek website ka url hai, aur agar website ke age (/)laga ke koi bhi word type kare to o word website ke liye ek cammand ho jata hai. ab dosto jis website me SQL Injection vernerability hai us website ko hacker aisa cammand dega, jisse website khud website ka username and password de deta hai.
jaise:- website ke database me alag alag table and collom hote hai. aur usi table me se kahi ek table me website ka user name and password hota hai. to hacker website ko aisa kuch cammand dega jisse wahi table website me show karega, ya download ho jayga.
jo ki hacker ko chahiye hota hai. agar hacker ke hath website ka user name and password a gaya to website to hack ho gayi na kyoki hacker ab us username and passwod ke jariye website me login kar sakta hai aur website me koi chang ya website delete kar sakta hai.
SQL injection vernerability find
dosto internet me aise bahut sare website hai, jisme SQL injection vernerability hai, aur unhe asani se SQL Injection techniq ke jariye hack kiya ja sakta hai. aur mostly jo website me SQL Injection vernerability hoti hai o website ka url ke age (login php?id=1) aisa hota hai.
lekin aisa nahi hai, ki jo website ke URL ke age aisa ho usme SQL Injection vernerability ho. use apko cheq karna padta hai. ap use cheq karne ke liye website ke URL ke age (‘ ya *)laga sakte hai. to website me ek error show karega. jo ap niche image me dekh sakte hai.
SQL Injection website hacking login bypass
aisa jaruri nahi hai, ki jis website me SQL injection vernerability hai, us website me ham usi website ke username and password se hi login kare. kyoki aisi vernerability me ham website ke admin panel me login detail ko bypass kar sakte hai. uske liye kuch special query hai, jiske jariye website me login kar sakte hai, hame bas bar bar website me ye cheq karne ki jarurat hoti hai. ap jo niche dekh sakte hai, ye kuch example hai, jiske jariye kisi SQL Injection vernerable website me enter kiya ja sakta hai.
‘) or true–
‘) or (”)=(‘
‘) or 1–
‘) or (‘x’)=(‘
” or true–
” or “”=”
” or 1–
” or “x”=”
Hello, my name is Manoj (Mnu). I'm a 23 year old self-employed Boy from New Delhi India.
This comment has been removed by the author.
ReplyDelete