Technology, Web & Business Forum



  #1 (permalink)  
Old 05-01-2009
Senior Member
 
Join Date: Apr 2009
Posts: 144
SQL Injection

Hi
I am Sujith from India. Yesterday I found my site was hacked by a Turkish group, BeGGaR and S.H.T; their URL is palet28.sitemynet.com/sht.htm and the IP address is 212.101.96.34.
My friend told me that the hack was done using SQL injection.
Can anyone tell me the details: what is SQL injection, how does it work, and how can it be prevented?



  #2 (permalink)  
Old 05-03-2009
Junior Member
 
Join Date: May 2009
Posts: 3

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.
  #3 (permalink)  
Old 05-21-2009
Junior Member
 
Join Date: May 2009
Posts: 3

SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.
The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed.
The injection process works by prematurely terminating a text string and appending a new command. Because the inserted command may have additional strings appended to it before it is executed, the malefactor terminates the injected string with a comment mark "--". Subsequent text is ignored at execution time.
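The string-termination mechanism described in the post above, and the parameterized form that prevents it, shown as an added example that is not part of the original thread. It uses Python's built-in `sqlite3` as a stand-in for SQL Server; the table, the function names and the sample input are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data; in-memory so the example runs offline.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db


def login_concatenated(db, name, password):
    # Vulnerable: user input is pasted into the SQL text, so a quote in
    # `name` ends the string literal and the remainder is parsed as SQL.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return sql, db.execute(sql).fetchall()


def login_parameterized(db, name, password):
    # Hardened: the statement text is fixed and the values are bound
    # separately, so they are compared as data and never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchall()


def demo():
    db = make_db()
    # Constructed input: the quote closes the literal, "--" comments out
    # the password check that the application appends afterwards.
    crafted = "alice' --"
    sql, rows_vuln = login_concatenated(db, crafted, "wrong")
    rows_safe = login_parameterized(db, crafted, "wrong")
    rows_ok = login_parameterized(db, "alice", "s3cret")
    return sql, rows_vuln, rows_safe, rows_ok


if __name__ == "__main__":
    sql, rows_vuln, rows_safe, rows_ok = demo()
    print("statement the database parsed:", sql)
    print("concatenated, wrong password: ", rows_vuln)
    print("parameterized, wrong password:", rows_safe)
    print("parameterized, right password:", rows_ok)
```

Printing the concatenated statement shows why the check is bypassed: everything after `--` is still in the text but is ignored by the parser.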
  #4 (permalink)  
Old 05-27-2009
Junior Member
 
Join Date: May 2009
Posts: 21

SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.