An SQL Injection is when an attacker executes invalid or threat SQL statements where it is used to control the database server of a web application. It is used to modify, add or delete the records in the database without the user’s knowledge. This compromises the data integrity. One of the most important step to avoid SQL injection is input validation.
Cyber security & Ethical hacking Tutorial Video:
Types of SQL Injection:
There are different types of SQL Injection attacks such as –
- Classic or In-band SQL Injection
- Error-based – Attacker uses the error generated by database to attack the
- Union-based – Leverages UNION SQL operator to combine to a response to return to HTTP response.
- Blind or Inferential SQL Injection
- Boolean-based – Based on TRUE or FALSE return
- Time-based – Sends SQL injection that forces database to wait before responding.
- Out-of-band SQL Injection – It occurs when the attacker cannot use the same channel to attack and gather results.
Tools for SQL injection:
There are few tools used for SQL injection attack such as –
- SQLMap – It is used for automatic SQL Injection And it is a Database Takeover Tool
- Blind-Sql-BitShifting – It is a blind SQL Injection using BitShifting
- jSQL Injection – It is a java tool used for automatic SQL Database Injection
- BBQSQL – It is a blind SQL Injection Exploitation Tool
- Whitewidow – Scanning tool for vulnerability of SQL Database
- explo – It is a human And Machine-Readable Web Vulnerability Testing Format
- Leviathan – It is a wide range audit toolkit
- Blisqy – It is used to exploit time-based blind-SQL injection in HTTP-Headers
SQL injection detection tools:
Spider testing tool is used to identify the SQL injection holes manually by using GET or POST requests. Resolving the vulnerabilities in the code can prevent SQL injections. A web vulnerability scanner can used to identify the defects in the code to fix it to prevent SQL injection. Firewalls in application layer or web application can be used to prevent intrusion.
Wireless network hacking:
Wireless networks or WiFi are the current generation most preferred medium of network connectivity but they are subjected to a lot of security issues. If the attacker has access to the network connection, then he can easily sniff the network packets from nearby location. They use sniffing to find the SSID and hacks wireless network, then they monitor the devices connected to the same network SSID. If you are using WEP authentication, then it can subjected to dictionary attacks. They use RC4 encryption algorithm to create stream ciphers which is easy to crack. If you are using WPA authentication, then it is vulnerable to DOS attacks and dictionary attacks.
Tools used for Wireless network hacking:
For WEP cracking tools, the attackers use Aircrack, WEPcrack, Kismet and WEPDecrypt. For WPA cracking, tools like CowPatty, Cain & Abel are used. There are also other general types of tools used for Wireless network hacking such as Airsnort, wireshark, Netstumbler, Wifiphisher and so on.
Mobile platform hacking:
Mobile phones have become the most used device by everyone. Android is the most common platform, but it is susceptible to certain vulnerabilities which makes the hackers to exploit the security of the device and compromise it. The biggest hacking threats to android is data in transit (Wireless hacking), third party applications and SMS, e-mail Trojans. In order to protect the android device, we can use SSL encryption for the device, download only trusted android third party apps and not be subjected to any suspicious email or SMS threads.
Tools in mobile platform hacking:
There are several tools used for android hacking such as AndroRat, Hackode, zANTI, Droidsheep, DroidBox, NMap and so on. Similarly iOS devices can be subjected to hacking using iRET, iWep Pro, iSpy, Hopper App, Frida and so on.