Posts Tagged ‘Hacking’

SQL Injection Attack explained!

July 11, 2010

We need a medic here!

According to OWASP, a SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. Some days ago, Pirate Bay was hacked by an SQL Injection Attack.

So let me explain how an SQL Injection Attack occurs by using an example. We have a website which allows users to post their high scores for a game.

A form for a user to enter Name and Score
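The high-score form described above, as an added example that is not code from the original post: the same insert written with string concatenation and with bound parameters. The table layout, function names and the sample Name value are assumptions made for illustration, and SQLite stands in for whatever database the site uses.

```python
import sqlite3

# Constructed input for the Name field; everything here is sample data.
CRAFTED_NAME = "Eve', 999999), ('Mallory"

def new_db():
    """In-memory stand-in for the game's score database (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE scores (name TEXT, score INTEGER)")
    return db

def save_score_vulnerable(db, name, score):
    # Form values are pasted into the SQL text, so a quote in `name`
    # ends the string literal and the rest is parsed as SQL.
    sql = "INSERT INTO scores (name, score) VALUES ('%s', %s)" % (name, score)
    db.execute(sql)

def save_score_safe(db, name, score):
    # Validate the type, then bind both values as parameters: the driver
    # passes them as data and they never become part of the statement.
    score = int(score)  # raises ValueError for non-numeric input
    db.execute("INSERT INTO scores (name, score) VALUES (?, ?)", (name, score))

def rows(db):
    return db.execute("SELECT name, score FROM scores ORDER BY rowid").fetchall()

if __name__ == "__main__":
    bad, good = new_db(), new_db()
    save_score_vulnerable(bad, CRAFTED_NAME, "10")
    save_score_safe(good, CRAFTED_NAME, "10")
    print("concatenated :", rows(bad))   # the submitted score was replaced
    print("parameterized:", rows(good))  # the odd name is stored as plain text
    try:
        save_score_vulnerable(bad, "O'Brien", "10")
    except sqlite3.OperationalError as exc:
        print("an honest name breaks the concatenated query:", exc)
    save_score_safe(good, "O'Brien", "10")
    print("parameterized:", rows(good))
```

A useful review signal falls out of the last case: if a legitimate name containing an apostrophe causes a database error, the query is being built by concatenation and needs to be converted to bound parameters.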

Categories: Programming

Simple Password Cracking

July 11, 2010

A very basic password cracking

Here is a very simple algorithm that compares the password entered by the user, character by character, with the one stored in a variable in the program (which frequently happens). It is very easily implemented.

Its core is actually only one line of code that, in the C language, could be written as follows: if (strcmp(password_entered, reference_password)) { /* Password is incorrect */ } else { /* Password is OK */ }. Note that strcmp returns zero when the two strings are equal, which is why the "incorrect" branch comes first.

Here is example code that implements it, which we’ll examine.