Session-based SQL injection


Brief description: SQL injection is the most dangerous attack against web applications, and many websites are vulnerable to it. SQL injection comes in several variants, such as simple SQL injection, blind SQL injection and cookie-based SQL injection. You probably already know the basic idea behind cookies and why they matter: cookies represent a session and usually come up in cross-site scripting (XSS) attacks. But what is cookie-based SQL injection? In this article we discuss the cookie-based, or session-based, SQL injection attack.

Did you say a "cookie"?

A cookie, also known as an HTTP cookie, web cookie or browser cookie, is used by an origin website to send state information to a user's browser and by the browser to return state information to the origin site. The state information can be used for authentication, identification of a user session, user preferences, shopping cart contents, or anything else that can be achieved by storing text data.
Cookies are not software. They cannot be programmed, they cannot contain viruses and they cannot install malware on the host computer. However, spyware can use them to track user browsing activities, a major privacy concern that prompted European and US lawmakers to take action. Hackers can also steal cookies to gain access to the victim's web account. [1]

Where can I find my cookies?

Here is a way to view the cookies stored by your browser. This method applies to Mozilla Firefox:
1. On the Tools menu, select Options. If the menu bar is hidden, press Alt to make it visible.
2. At the top of the window that appears, click Privacy.
3. To modify the settings, from the drop-down menu under "History", select Use custom settings for history. Then enable or disable each setting by checking or unchecking the box next to it:
   To allow sites to set cookies on your computer, select Accept cookies from sites. To specify which sites are always or never allowed to use cookies, click Exceptions.
   To accept third-party cookies, check Accept third-party cookies. In the drop-down menu next to "Keep until:", select the period of time you want to keep cookies on your computer.
   To see the cookies stored on your computer, click Show cookies.... In the window that appears, you can see the cookies on your computer, search for cookies and delete any or all of the cookies listed.
   To specify how the browser should erase the private data it stores, check Clear history when Firefox is closed. Then click Settings.... You can specify the items that will be deleted when you close Firefox.
4. Click OK until you return to the Firefox window.
To delete all cookies, on the Tools menu, select Clear Recent History.... Mark the items you want to delete and then click Clear Now.

Are you talking about a Cookie Poisoning attack?

Cookie poisoning attacks involve modifying the contents of a cookie (personal information stored on a web user's computer) to bypass security mechanisms. Through cookie poisoning attacks, attackers can obtain unauthorized information about another user and steal their identity.
Cookie poisoning is a technique known mainly for achieving impersonation and breach of privacy by manipulating session cookies, which maintain the identity of the client. By forging these cookies, an attacker can pose as a valid client, and thus obtain information and perform actions on behalf of the victim. The ability to forge such session cookies (or, more generally, session tokens) is due to the fact that the tokens are not generated securely. [4]

Cookie variables as a vector for SQL injection

SQL injection overview

An SQL injection attack consists of the insertion or "injection" of an SQL query through the client's input data to the application. A successful SQL injection exploit can read confidential data from the database, modify database data (Insert / Update / Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and, in some cases, issue commands to the operating system. SQL injection attacks are a type of injection attack
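
To make the cookie case concrete, here is an added example (not code from the original article) that puts a session lookup which concatenates a cookie value into its SQL next to a hardened version that validates the token and binds it as a parameter. The `sessions` table, the `session_id` cookie name, the 32-hex-character token format and the sample headers are all assumptions constructed for illustration.

```python
import re
import sqlite3

TOKEN_RE = re.compile(r"[0-9a-f]{32}")  # assumed token format: 32 hex characters

# Constructed sample Cookie headers: one well-formed, one tampered with.
BENIGN = "theme=dark; session_id=" + "a" * 32
TAMPERED = "theme=dark; session_id=x' OR '1'='1"

def make_db():
    """Build a constructed in-memory sessions table with two users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (token TEXT PRIMARY KEY, username TEXT)")
    db.executemany("INSERT INTO sessions VALUES (?, ?)",
                   [("a" * 32, "alice"), ("b" * 32, "bob")])
    return db

def cookie_value(header, name="session_id"):
    """Minimal Cookie header parser: return the named cookie's raw value."""
    for part in header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None

def lookup_vulnerable(db, header):
    """Concatenates the cookie into the SQL text, so the cookie can alter the query."""
    token = cookie_value(header)
    sql = "SELECT username FROM sessions WHERE token = '%s'" % token
    return [row[0] for row in db.execute(sql)]

def lookup_hardened(db, header):
    """Rejects malformed tokens, then binds the value as a parameter (data only)."""
    token = cookie_value(header)
    if token is None or not TOKEN_RE.fullmatch(token):
        return []
    rows = db.execute("SELECT username FROM sessions WHERE token = ?", (token,))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    for label, header in (("benign", BENIGN), ("tampered", TAMPERED)):
        print(label, "vulnerable:", lookup_vulnerable(db, header),
              "hardened:", lookup_hardened(db, header))
```

The format check alone is not the fix; the bound parameter is what keeps the cookie from being parsed as SQL, and the check simply rejects malformed tokens before they reach the database.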