One of the major problems with SQL is the poor security surrounding login forms and URL strings. This tutorial is not going to go into detail on why these strings work, as all these details have been given in my previous article, Top 10 Tricks to exploit SQL Server Systems.
First SEARCH the following Keywords in Google or any Search Engine:
admin\login.asp
login.asp
With these two search strings you will have plenty of targets to choose from… choose one that is vulnerable.
INJECTION STRINGS: How to use it?
This is the easiest part…very simple
On the login page just enter something like
user:admin (you don't even have to put this.)
pass:' or 1=1--
or
user:' or 1=1--
admin:' or 1=1--
Some sites will have just a password so
password:' or 1=1--
In fact I have compiled a combo list with strings like this to use on my chosen targets. There are plenty of strings in the list below. There are many other strings involving, for instance, UNION table access via reading the table structure from the error pages; an attack with this method will eventually reveal admin U\P paths.
The ones I am interested in are quick access to targets
PROGRAM
I tried several programs to use with these search strings and up to now only Ares has performed well, with quite a bit of success, with a combo list formatted this way. Yesterday I loaded 40 eastern targets with 18 positive hits in a few minutes. How long would it take to go through 40 sites cutting and pasting each string?
combo example:
admin:' or a=a--
admin:' or 1=1--
And so on. You don't have to be admin and still can do anything you want. The most important part is example:' or 1=1-- this is our basic injection string
Now the only trudge part is finding targets to exploit. So I tend to search say google for login.asp or whatever
inurl:login.asp
index of:/admin/login.asp
like this: index of login.asp
result:
http://www3.google.com/search?hl=en&ie=ISO…G=Google+Search
17,000 possible targets; trying various searches spews out plenty more.
Now, using a proxy set in my browser, I click through interesting targets, seeing what's what on the site pages. If it is interesting, I then cut and paste the URL as a possible target. After an hour or so you have a list of potential target sites like so
http://www.somesite.com/login.asp
http://www.another.com/admin/login.asp
and so on. In a couple of hours you can build up quite a list because I don’t select all results or spider for log in pages. I then save the list fire up Ares and enter
1) A Proxy list
2) My Target IP list
3) My Combo list
4) Start.
Now I don't want to go into problems with users using Ares… thing is, I know it works for me…
Sit back and wait. Any vulnerable target will show up in the hits box. Now when it finds a target it will spew all the strings on that site as vulnerable. You have to go through each one on the site by cutting and pasting the string till you find the right one. But the thing is you know you CAN access the site. Really I need a program that will return the hit with a click on the URL and ignore false outputs. I am still looking for it. This will save quite a bit of time going to each site and each string to find it's not exploitable.
There you go, you should have access to your vulnerable target by now
Another thing: you can use the strings in the URLs where user=? Edit the URL to the = part and paste ' or 1=1-- so it becomes
user=' or 1=1-- just as quick as the login process
Combo List
There are a lot of other variations of the Injection String which I cannot put on my blog because that is illegal. If you are interested I can send it to you through email. Just write your email address in a comment and I will send it to you as early as possible, but you need to remain patient; it may take 1 or 2 days.
If you have any question please comment
12 August 2012
“Hello World” Programs for top 10 programming language
Before you start learning any programming language, you must know how important and popular the programming language you are going to learn is. Learning itself is never a bad thing, and we always motivate you to learn something new every day. If your learning plan is managed and well planned then you'll never eat mud midway.
Most programming languages share the same methodology and are almost similar to each other. If you learn PHP you can easily understand C and vice versa, and the same goes for the others, because they are totally related to each other.
"Hello World" Programs for top 10 programming language
One of the first programs that one usually writes when learning a first programming language is "Hello World". Today we'll show you the top ten programming languages you must learn in your life to get a never-ending career in Computer Programming. We'll also show you the first program, "Hello World", to begin with.
PHP
<?php
// Hello World in PHP
echo 'Hello World!';
?>
C#
// Hello World in C#
class HelloWorld
{
    static void Main()
    {
        System.Console.WriteLine("Hello, World!");
    }
}
JavaScript
<html>
<body>
<script language="JavaScript" type="text/javascript">
// Hello World in JavaScript
document.write('Hello World');
</script>
</body>
</html>
Perl
# Hello world in perl
print "Hello World!\n";
C
/* Hello World in C */
#include <stdio.h>
int main(void)
{
    printf("Hello World!\n");
    return 0;
}
Ruby
# Hello World in Ruby
puts "Hello World!"
Java
// Hello World in Java
class HelloWorld {
static public void main( String args[] ) {
System.out.println( "Hello World!" );
}
}
Python
# Hello World in Python
print("Hello World")
VisualBasic.NET
'Hello World in Visual Basic .NET (VB.NET)
Imports System.Console
Class HelloWorld
Public Shared Sub Main()
WriteLine("Hello, world!")
End Sub
End Class
This was only an introduction; you can see how much the languages have in common just to print "Hello World" in your program window. Subscribe to Hackspc.com to learn such programming languages.
How to Create Your Own Customized Run Commands
The Run command on the Microsoft Windows operating system allows you to directly open an application or document with just a single command instead of navigating to its location and double-clicking the executable icon. However, it only works for some of the inbuilt Windows programs such as Command prompt (cmd), Calculator (calc) etc. So, have you ever wondered how to create your own customized Run commands for accessing your favorite programs, files and folders? Well, read on to find out the answer.
Creating the Customized Run Command
Let me take up an example of how to create a customized run command for opening the Internet explorer. Once you create this command, you should be able to open the Internet explorer just by typing “ie” (without quotes) in the Run dialog box. Here is how you can do that.
1. Right click on your Desktop and select New -> Shortcut.
2. You will see a “Create Shortcut” dialog box as shown below.
3. Click on “Browse”, navigate to Program Files -> Internet Explorer from your root drive (usually C:\), select “iexplore” as shown in the above figure and click on “OK”.
4. Now click on “Next” and type any name for your shortcut. You can choose any name you like; this will be your customized “Run command”. In this case I name my shortcut “ie”. Click on “Finish”.
5. You will see a shortcut named “ie” on your desktop. All you need to do is copy this shortcut and paste it in your Windows folder (usually “C:/Windows”). Once you have copied the shortcut into your Windows folder, you can delete the one on your Desktop.
6. That’s it! From now on, just open the Run dialog box, type ie and hit Enter to open the Internet Explorer.
In this way you can create customized Run commands for any program of your choice. Say “ff” for Firefox, “ym” for Yahoo messenger, “wmp” for Windows media player and so on.
To do this, when you click on “Browse” in Step 3, just select the target program’s main executable (.exe) file, which will usually be located in the C:\Program Files folder. Give this shortcut a simple and short name of your choice and copy the shortcut file into the Windows folder as usual. Now just type this short name in the Run dialog box to open the program.
I hope you like this post! Pass your comments.
Creating member login/register system using PHP and MySQL
In this tutorial, I am going to teach you how to create a simple login system using PHP and MySQL database.
Before beginning, I am assuming that you have basic knowledge of PHP coding. However, you may understand what I am doing if you have basic programming concepts.
Now let us summarize what we’ll be doing.
First we’ll be creating a database table with username, password and email (optional) columns. After creating the database, we’ll be using two input fields to log in on the login.php page, and three input fields in register.php. Then we’ll be verifying the entered username and password against the values in the MySQL database, disabling unauthorized access to the specific part of your page. If your password matches the record in the database then you’ll be automatically redirected to member.php, which is only accessible to members.
For register
So let’s begin.
First create a database:
<?php
// Connect to the database server.
$con = mysql_connect("localhost", "username", "password");
// SQL command that creates a new database named user_logs.
$dbase = "CREATE DATABASE user_logs";
// Create the new database using the mysql_query function.
mysql_query($dbase, $con);
// Select the recently created user_logs database.
mysql_select_db("user_logs", $con);
// Create the new user table with its columns in the user_logs database.
// The password column is 32 characters wide because register.php stores the md5 hex digest.
$sqls = "CREATE TABLE user
(
    username VARCHAR(15),
    password VARCHAR(32),
    email VARCHAR(50),
    userID int NOT NULL AUTO_INCREMENT,
    PRIMARY KEY(userID)
)";
// Execute the query.
mysql_query($sqls, $con);
// Close the connection.
mysql_close($con);
?>
In the above setup, the username is limited to a maximum of 15 characters. The password column is 32 characters wide because it holds the md5 hash of the password (32 hexadecimal characters), not the password as typed.
You can add other columns to the table.
For example, if you want an email address too, then refer to the following sample MySQL command.
CREATE TABLE table_name
(
    Column1 VARCHAR(15),
    Column2 VARCHAR(15),
    Column3 VARCHAR(50),
    columnID int NOT NULL AUTO_INCREMENT,
    PRIMARY KEY(columnID)
);
Now we are done with the database. Save the above file as “create_db.php”.
Creating register form:
<form action="register.php" method="post">
Name: <input type="text" name="user" />
password: <input type="password" name="pwd" />
email: <input type="text" name="mail" />
<input type="submit" name="save" />
</form>
Now let's write the backend code in PHP.
<?php
// Connect to the database.
$con = mysql_connect("localhost", "root");
// Only act when the form has been submitted.
if (isset($_POST["save"]))
{
    // If any field is empty, return with a message.
    if (empty($_POST["user"]) || empty($_POST["pwd"]) || empty($_POST["mail"]))
    {
        echo "Please enter your username with maximum 15 characters and password with maximum 15 characters properly with valid email ID.";
    }
    else
    {
        mysql_select_db("user_logs", $con);
        // The values are properly posted: escape them before they go into SQL
        // and apply the md5 hash to the password.
        $user = mysql_real_escape_string($_POST["user"], $con);
        $pwd = md5($_POST["pwd"]);
        $mail = mysql_real_escape_string($_POST["mail"], $con);
        // Query the database to see whether the same username exists.
        $checkuser = mysql_query("SELECT username FROM user WHERE username='$user'", $con);
        $username_exist = mysql_num_rows($checkuser);
        if ($username_exist > 0)
        {
            echo "The username you've requested has already been taken, please try any other username.";
        }
        else
        {
            // Otherwise write the new user to the database.
            $write = "INSERT INTO user (username, password, email) VALUES ('$user', '$pwd', '$mail')";
            mysql_query($write, $con);
            echo "Congratulations, you've been registered";
        }
    }
}
// Close the connection.
mysql_close($con);
?>
<br />
<span style="text-align:right;">Already registered? <a href="login.php">Click here to Login</a></span>
Save the above PHP script and register form in a separate register.php file.
Now we will be creating forms for login and registration.
The form below is for login.php.
<form action="login.php" method="post">
Name: <input type="text" name="user" />
password: <input type="password" name="pwd" />
<input type="submit" name="save" />
</form>
This time we’ll be putting this form inside the PHP backend code instead of keeping it separate as we did with register.php.
The above form contains a submit button with username and password input fields.
The backend part of login.php is somewhat complex. Before using the code below, let me tell you what it does.
As the page loads, it checks for the existence of cookies in your browser. If you already have cookies set then it verifies them against the MySQL database. If they match then it will redirect login.php to member.php (where your member’s page resides).
But if you don’t have cookies set in your browser, then it will load a user login form. When you log in, if the username and password match the ones in the database it will set cookies for both username and password in your browser, and finally redirect your page to member.php. Otherwise, if your login information doesn’t match, it returns a try-again message and a login form.
<?php
// Check whether the cookies exist; if so, verify them against the database.
if (isset($_COOKIE['user']) && isset($_COOKIE['pass']))
{
    $con = mysql_connect("localhost", "root") or die("cannot connect");
    mysql_select_db("user_logs", $con) or die("cannot select DB");
    // Cookies are user-controlled input, so escape the value before it goes into SQL.
    $usar = mysql_real_escape_string($_COOKIE['user'], $con);
    $pswd = $_COOKIE['pass'];
    $sql = "SELECT * FROM user WHERE username='$usar'";
    $result = mysql_query($sql, $con);
    $info = mysql_fetch_array($result);
    // If verified, redirect to member.php. The strict === avoids PHP's loose
    // comparison of hash strings that happen to look like numbers.
    if (mysql_num_rows($result) == 1 && $pswd === $info['password'])
    {
        header("Location: member.php");
        exit;
    }
}
// Otherwise, if you don't have cookies set, you are welcomed with the login form printed at the bottom of this PHP page. When you submit your username and password they are checked against the MySQL database.
if (isset($_POST['save']))
{
    $con = mysql_connect("localhost", "root") or die("cannot connect");
    mysql_select_db("user_logs", $con) or die("cannot select DB");
    $user = mysql_real_escape_string($_POST["user"], $con);
    $pwd = md5($_POST['pwd']);
    $sql = "SELECT * FROM user WHERE username='$user'";
    $result = mysql_query($sql, $con);
    $info = mysql_fetch_array($result);
    if (mysql_num_rows($result) == 1 && $pwd === $info['password'])
    {
        // The cookies expire 60 seconds from now.
        $hour = time() + 60;
        setcookie('user', $_POST['user'], $hour);
        // Store the md5 value, which is what the cookie check above compares with the database.
        setcookie('pass', $pwd, $hour);
        header("Location: member.php");
        exit;
    }
    // If the user information is wrong, return a try-again message and a login form.
    else {
        echo "Access denied. Try re-entering your username and password, if you haven't registered yet, <a href='register.php'>Click here to register</a>";
        echo "<title>Login module</title>";
        echo "<form action='login.php' method='post'>";
        echo "Name: <input type='text' name='user' />";
        echo "password: <input type='password' name='pwd' />";
        echo "<input type='submit' name='save'/>";
        echo "</form>";
    }
}
// If nothing was submitted, load the login form only.
else {
    echo "<title>Login module</title>";
    echo "<form action='login.php' method='post'>";
    echo "Name: <input type='text' name='user' />";
    echo "password: <input type='password' name='pwd' />";
    echo "<input type='submit' name='save'/>";
    echo "</form>";
}
?>
You may be wondering why I used cookies. This is because, if you mistakenly or by chance went to login.php, you won’t have to re-enter your username and password again and again.
Now we’ll create a secure page that only members can access. If guests or others try to access this page it will prompt for the username and password.
Again we’ll be checking whether the cookies exist or not; if the cookie values match the database, it will welcome you to your member’s page. This is then a secured page that only people with the proper username and password can access.
<?php
if (isset($_COOKIE['user']) && isset($_COOKIE['pass']))
{
    $con = mysql_connect("localhost", "root") or die("cannot connect");
    mysql_select_db("user_logs", $con) or die("cannot select DB");
    // Cookies are user-controlled input, so escape the value before it goes into SQL.
    $user = mysql_real_escape_string($_COOKIE['user'], $con);
    $pwd = $_COOKIE['pass'];
    $sql = "SELECT * FROM user WHERE username='$user'";
    $result = mysql_query($sql, $con);
    $info = mysql_fetch_array($result);
    if (mysql_num_rows($result) == 1 && $pwd === $info['password'])
    {
        echo "Welcome ";
        // Encode the cookie value so it cannot inject HTML into the page.
        echo htmlspecialchars($_COOKIE['user']);
        echo " to your main page.";
    }
    else
    {
        echo "Sorry wrong password";
    }
}
else {
    include("login.php");
}
?>
Instead of the following block of code,
echo "Welcome ";
echo htmlspecialchars($_COOKIE['user']);
echo " to your main page.";
you can add other code here, for example details of the user and their inputs on a dynamic webpage.
Note: you may also apply the addcslashes() function to every input from the input forms to get rid of MySQL injections. Make sure that your MySQL host, username and password are the right ones.
I hope this tutorial made it clear how to create a PHP and MySQL based secure and advanced login system for your browser.
If you have any question please comment
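The register and login core of this tutorial in hardened form, as an added example that is not part of the original post: PDO prepared statements keep input such as the `' or 1=1--` string from the first post on this page out of the SQL text, password_hash()/password_verify() replace md5, and the cookie would carry a random session token instead of the password. SQLite in memory stands in for MySQL so the script runs offline; the function names, the session table and the sample account are assumptions.

```php
<?php
// Added example: hardened core of register.php / login.php / member.php.
// Assumptions: SQLite in memory stands in for MySQL; function and table names are illustrative.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (
    userID INTEGER PRIMARY KEY AUTOINCREMENT,
    username TEXT NOT NULL UNIQUE,
    password_hash TEXT NOT NULL,
    email TEXT NOT NULL)');
$pdo->exec('CREATE TABLE session (
    token_hash TEXT PRIMARY KEY,
    userID INTEGER NOT NULL,
    expires INTEGER NOT NULL)');

function register_user(PDO $pdo, string $user, string $pwd, string $mail): bool
{
    if ($user === '' || strlen($user) > 15 || $pwd === ''
        || filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $pdo->prepare('INSERT INTO user (username, password_hash, email) VALUES (?, ?, ?)');
    try {
        // password_hash() salts and stretches the password, unlike a bare md5().
        return $stmt->execute([$user, password_hash($pwd, PASSWORD_DEFAULT), $mail]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() === '23000') {
            return false; // UNIQUE violation: username already taken
        }
        throw $e;
    }
}

function login(PDO $pdo, string $user, string $pwd): ?string
{
    $stmt = $pdo->prepare('SELECT userID, password_hash FROM user WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pwd, $row['password_hash'])) {
        return null;
    }
    // The cookie gets a random token; only its SHA-256 is stored server-side.
    $token = bin2hex(random_bytes(32));
    $ins = $pdo->prepare('INSERT INTO session (token_hash, userID, expires) VALUES (?, ?, ?)');
    $ins->execute([hash('sha256', $token), $row['userID'], time() + 3600]);
    return $token;
}

function user_for_token(PDO $pdo, string $token): ?string
{
    // member.php would call this with the cookie value instead of re-checking a password.
    $stmt = $pdo->prepare('SELECT u.username FROM session s
        JOIN user u ON u.userID = s.userID
        WHERE s.token_hash = ? AND s.expires > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : (string) $name;
}

register_user($pdo, 'alice', 'correct horse', 'alice@example.test'); // constructed account

// Constructed login attempts, including the injection string quoted earlier on this page.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', "' or 1=1--"],
    ["' or 1=1--", 'anything'],
    ['alice', 'wrong password'],
];
foreach ($attempts as [$user, $pwd]) {
    $token = login($pdo, $user, $pwd);
    $who = $token === null ? 'denied' : 'session for ' . user_for_token($pdo, $token);
    printf("%-12s / %-15s => %s\n", $user, $pwd, $who);
}
```

In login.php the token would be sent with setcookie('session', $token, ['expires' => time() + 3600, 'httponly' => true, 'secure' => true, 'samesite' => 'Lax']), so neither the password nor its hash ever reaches the browser.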
15 July 2012
PHP Tutorial: Getting Visitors' IP Addresses
Hello friends, I decided to post some tutorials on PHP and HTML5 from today. I hope you will enjoy this.
If you do not have knowledge of PHP, then follow our blog and you will surely learn PHP from here.
So my first tutorial is how to get the visitor's IP address using PHP.
We always wonder how websites grab our IP address when we visit them. So today in this tutorial I will fully explain the reason, or we can say the coding, behind it.
To do so, first of all create a conf.inc.php file as shown in the screenshot.
Remember: Save all the files in the www folder where your WAMP server is installed.
In this Screenshot:
Step(1): In the first line we start PHP (we all know that PHP starts with "<?php").
Step(2): In the second step we create a variable with the name "$ip_address". This variable helps us grab the IP address.
Step(3): In the third step we close the PHP by using "?>".
Now we can create an index2.php file and call the conf.inc.php file in it. See the screenshot below.
Step(1): In the first line start PHP.
Step(2): In the second line we use a function (require) and call the conf.inc.php file with it.
Step(3): In the last line we use "echo", which is used to print, the same as we use "printf" in C and "cout" in C++.
Now start your WAMP server and call the index2.php file (like http://localhost/index2.php).
Because we are working on localhost, our browser shows the IP address 127.0.0.1. See the screenshot below.
So here is the answer to your question of how the website owner grabs your IP address.
I hope you like my post. Wait for my next tutorial or subscribe to us. Leave a comment below if you have any query.
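What the two screenshot files amount to, as an added example (the screenshots are not reproduced on this page, so this is not the author's code). It goes beyond reading $_SERVER['REMOTE_ADDR'] to the reverse-proxy case, where the X-Forwarded-For header is believed only when the request arrives from a proxy you run. visitor_ip() and TRUSTED_PROXIES are assumed names, and the sample requests are constructed.

```php
<?php
// Added example: a conf.inc.php-style helper plus the index2.php output step.
// TRUSTED_PROXIES is an assumed setting; the addresses are constructed sample values.
declare(strict_types=1);

const TRUSTED_PROXIES = ['127.0.0.1', '10.0.0.5'];

function visitor_ip(array $server): string
{
    // REMOTE_ADDR is the TCP peer address; a request header cannot change it.
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($remote, TRUSTED_PROXIES, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $remote;
    }
    // The peer is our own proxy: walk X-Forwarded-For from right to left and
    // return the first hop that is not one of our proxies. Anything further
    // left was supplied by the client and proves nothing.
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop trusting the header
        }
        if (!in_array($hop, TRUSTED_PROXIES, true)) {
            return $hop;
        }
    }
    return $remote;
}

// conf.inc.php would end here with the variable the tutorial names:
$ip_address = visitor_ip($_SERVER);

// index2.php would require 'conf.inc.php' and print the value, HTML-encoded:
echo htmlspecialchars($ip_address), "\n";

// Constructed requests showing which value is believed in each situation.
$samples = [
    'direct visitor' => ['REMOTE_ADDR' => '203.0.113.9'],
    'direct visitor sending a forged header' => [
        'REMOTE_ADDR' => '203.0.113.9',
        'HTTP_X_FORWARDED_FOR' => '192.0.2.1',
    ],
    'via trusted proxy, client prepended a hop' => [
        'REMOTE_ADDR' => '10.0.0.5',
        'HTTP_X_FORWARDED_FOR' => '192.0.2.1, 198.51.100.7',
    ],
];
foreach ($samples as $label => $server) {
    printf("%-42s => %s\n", $label, visitor_ip($server));
}
```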
Google API Login System Using PHP|Google Login
The step-by-step tutorial is below:
Step1: We require a server. In this tutorial I work on 000Webhost, which is a free web hosting website.
Note: This script does not run on localhost.
Step2: After login you will see a screen as in my screenshot. Then create a domain by clicking on create new domain.
Step3: After clicking create new you will see a screen as shown in my screenshot. Then make a domain. I chose a free domain. Name it as you want, and also choose a password.
Step4: After clicking on setup new account you will see a main page. Also remember you can create only one domain in 24 hours. After this step your domain is ready to use.
Step5: To make the Gmail login, the first step is to create a database. To create a database click on MySql, as shown in the screenshot.
Step6: Create a database with the name Users. The login data is stored here. Also give it a password, and then click on create database. After clicking, your database is created.
Step7: After clicking create database you will see the screen shown below. Then click on "go to control panel".
Step8: Then by clicking on control panel you will see the main page; then go to PHPMYADMIN as shown in the screenshot.
Step9: Then click on phpMyAdmin as shown in the screenshot.
Step10: After clicking on phpMyAdmin you will see a screen as shown below; then click on SQL and run the following query to create the database table.
CREATE TABLE users
(
    id INT PRIMARY KEY AUTO_INCREMENT,
    email VARCHAR(70),
    oauth_uid int(11),
    oauth_provider VARCHAR(100),
    username VARCHAR(100)
);
Step11: To see the tables, click on the database name on the left side, as shown in our screenshot.
Step12: After this step go to your server home page and click on File Manager.
Step13: On clicking File Manager you will see a screen like the one below. Now click on public html.
Step14: After clicking public html you will see a screen like the one below. Then click on the upload button.
NOTE: Don't click on the java upload button.
Step15: In this step you have to upload the script. To download the script click here. Before uploading the files we have to make some changes.
The first step here is to change the dbconfig.php file.
<?php
define('DB_SERVER', 'dbserver');
define('DB_USERNAME', 'username');
define('DB_PASSWORD', 'password');
define('DB_DATABASE', 'database');
define('USERS_TABLE_NAME', 'users_table_name'); // Replace with your users table name here
// Connect to the server and select the database; stop with the MySQL error on failure.
$connection = mysql_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD) or die(mysql_error());
$database = mysql_select_db(DB_DATABASE) or die(mysql_error());
?>
In this step give your DB server name, DB username, DB password and DB database name.
Step16: login-google.php. In the root directory, find the line below in the login-google.php code and replace yourdomain.com with your own domain value.
define('CALLBACK_URL', 'http://yourdomain.com/getGoogleData.php');
Step17: index.php
If you want to modify your web project's existing login or index pages, just use the following code.
<?php
session_start();
if (isset($_SESSION['id'])) {
    // Redirect to home page as we are already logged in
    header("location: home.php");
    exit;
}
if (array_key_exists("login", $_GET))
{
    // Only the 'google' provider is handled; a missing or different value does nothing.
    $oauth_provider = isset($_GET['oauth_provider']) ? $_GET['oauth_provider'] : '';
    if ($oauth_provider == 'google')
    {
        header("Location: login-google.php");
        exit;
    }
}
?>
Step18: home.php
In the home page you can display user details by accessing session variables.
Name:
Email:
You are logged in with:
Logout from
So in this tutorial we will cover how to make a domain and how to log in with PHP.