Sql Injection at Hashemite University
The Hashemite University
Prince Al-Hussein Bin Abdullah II Faculty for Information Technology
SQL Injection with Yusuf Ali
Network Security
By Dr. Ashraf Aljammal
What will we learn?
1) What is SQL injection?
2) How to attack using SQL injection?
3) What is the DVWA project?
4) How to use DVWA to develop our skills?
Sql Injection
How to hack a website using Sql injection?
The vulnerability is the execution of inputs without checking them. An input such as a username may be a SQL statement, which attackers get executed on the server's database.
1) Normal password: karcobia
$sql = "select * from users where pass=$password;"
2) Attacker's password: abc. or 1=1
$sql = "select * from users where pass=$password".or 1=1;
Result
As we can see here, we got all users and passwords in the database!
An attacker can execute any SQL statement, as if with admin privileges!
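The flaw described above next to its fix, as an added example that is not part of the original slides. It uses Python's sqlite3 module in place of the PHP/MySQL stack the slides use; the users table, the user names and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory users table (not from the slides).
    Passwords are stored in plaintext only to keep the demo short."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, pass TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "s3cret"), ("yusuf", "karcobia"), ("guest", "guest")],
    )
    return db


def login_vulnerable(db, password):
    # Same flaw as on the slide: the input is pasted into the SQL text,
    # so the database parses it as part of the statement.
    sql = "SELECT name FROM users WHERE pass = '" + password + "'"
    return sorted(row[0] for row in db.execute(sql))


def login_parameterized(db, password):
    # The statement text is fixed. The input travels separately as a bound
    # value and is only ever compared against the pass column.
    sql = "SELECT name FROM users WHERE pass = ?"
    return sorted(row[0] for row in db.execute(sql, (password,)))


if __name__ == "__main__":
    db = make_db()
    tautology = "abc' or '1'='1"  # constructed input of the "or 1=1" kind
    for label, value in (("normal", "karcobia"), ("tautology", tautology)):
        print(label, "-> vulnerable:", login_vulnerable(db, value))
        print(label, "-> parameterized:", login_parameterized(db, value))
```

With the tautology input the concatenated query matches every row, while the parameterized query matches none, because no stored password equals that literal string.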
DVWA Project: http://www.dvwa.co.uk/
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment. It also helps web developers better understand the process of securing server and web app or can also be used to teach students ethical hacking and pentesting.
- See more at: http://www.hackw0rm.net/2013/02/how-to-create-penentration-lab-in.html
Let’s Try it!
SQL Injection
Gather information of database:
1) Version of Database
2) User of Database
3) Database name
4) Tables in Schema information
5) mysql Table information
6) Users and Passwords
7) Decrypt Hash Passwords
How to ensure that your password hash is not in the huge MD5 databases?
What did we learn?
1) What is SQL injection?
2) How to attack using SQL injection?
3) What is the DVWA project?
4) How to use DVWA to develop your skills?
Thank you for your time and attention!
Contact info:
Email: [email protected]
Twitter: @YusufAmroJunior GIS Web and Mobile Application Developer
JoGulf Spatial Data Systems