Monday, June 29, 2009

SQL Injection: Tutorial Part 1

SQL Injection
What? What is SQL? SQL stands for Structured Query Language; it is the most widely used database querying language. Before reading on, I must say that this is an old technique and I didn't want this to be posted because most sites have patched up this hole. I am posting this for the few websites I came across that had this vulnerability. If you have a website, are planning to build one, or administer one, please read on and fix the security holes.

Warning: The following methods may be illegal; they are given for illustration purposes only.

Most dynamic websites use a database server such as SQL Server from Microsoft, MySQL, etc. To demonstrate what SQL injection is, let us look at a piece of code that is used as a login script. Most ASP websites use code like this:

<%
user = Request.Form("user")
pass = Request.Form("pass")
SQL = "SELECT * FROM users WHERE username='" & user & _
"' AND password='" & pass & "'"
' Execute the SQL ...
%>


This is an example of poor code that is vulnerable to SQL injection. In this example we can see that the user input of user and pass is included directly in the SQL query.

A legitimate user enters his details, say
user=digitalpbk
pass=password

Based on the code, the SQL query would be constructed as
SELECT * FROM users WHERE username='digitalpbk'
AND password='password'


Now, in order to demonstrate or find out whether there is an SQL injection hole, all a user has to do is add a ' (single quote) to the username and/or password fields, say
user=digitalpbk
pass=password'

Now the SQL query would be constructed as
SELECT * FROM users WHERE username='digitalpbk'
AND password='password''


This produces invalid SQL, and if the errors are not suppressed you will get an error screen.



So if we modify the user input field pass such that
user=digitalpbk
pass=password' OR '1'='1

the constructed SQL query would be
SELECT * FROM users WHERE username='digitalpbk'
AND password='password' OR '1'='1'


This is a valid query, and its condition would always evaluate to true.

This validates the user and logs him in without even checking the username or password.

Prevention/Security Measures
Always escape or filter user input fields. It takes less time to do user input filtering (than posting about cyberlaws). This type of vulnerability is caused by poor code on the server, which practically hands control over to you.
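The login check above, rebuilt as an added example (not code from the original post) in Python with an in-memory SQLite database: one function concatenates input the way the ASP script does, the other binds the input as query parameters, so the database driver handles the quoting rather than the application. The function names and the sample row are constructed for this illustration.

```python
import sqlite3

def make_db():
    """In-memory database with one constructed sample account."""
    db = sqlite3.connect(":memory:")
    # Plaintext password column mirrors the tutorial's schema only;
    # a real application stores a salted password hash instead.
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("digitalpbk", "password"))
    return db

def login_concat(db, user, pw):
    """Vulnerable: builds the query by string concatenation, like the ASP code.
    Returns True/False for the login result, or None if the SQL is malformed."""
    sql = ("SELECT * FROM users WHERE username='" + user +
           "' AND password='" + pw + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.OperationalError:
        return None  # the stray quote broke the statement

def login_param(db, user, pw):
    """Hardened: input is bound to ? placeholders and never parsed as SQL."""
    sql = "SELECT * FROM users WHERE username=? AND password=?"
    return db.execute(sql, (user, pw)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    cases = [
        ("digitalpbk", "password"),            # legitimate login
        ("digitalpbk", "password'"),           # the single-quote probe
        ("nobody", "password' OR '1'='1"),     # the tautology from the text
    ]
    for user, pw in cases:
        print(repr(pw), "concat:", login_concat(db, user, pw),
              "param:", login_param(db, user, pw))
```

With bound parameters the quote characters are compared as literal password text, so the second and third inputs simply fail to log in.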

The method demonstrated here is just a teaser; you can do much more sinister things with SQL injection, like dropping tables (which is not a good thing).

to be continued...

In case you find a website with such a vulnerability, please inform the webmaster of the condition and refer them to this page (in case they are ignorant).

Be ethical
Happy Browsing...

Thursday, June 11, 2009

Tata Indicom Wimax Broadband Connection sharing via Wireless router (D-Link)

Intro: Tata Indicom Wimax Broadband
We got a new Tata Indicom WiMax Broadband connection, and one of the first problems was sharing the net connection with the roommates. After doing a little research on it I found:

  • Tata Indicom uses a net (HTTP) based authentication system to log you on to their servers, as against the conventional PPPoE setup. https://loginban.tataindicombroadband.in:8443


Connection Sharing
In order to enable connection sharing and browsing, you first have to get a router. We used a D-Link DIR-300 Wireless Router (approx. cost Rs. 2100). The following are the steps to configure the router. First connect the CPE (Customer Premise Equipment), or simply the small box that comes with a LAN cable, to your router's Internet port.
  • Go to your router URL (default http://192.168.1.1/) and log in using your default username (admin) and password (blank) (for D-Link)

  • In the page click the Manual Internet Connection Setup
  • Under Internet Connection Type
    Choose My Internet Connection is : Dynamic IP (DHCP)
  • Press Save Settings
  • Turn the power off at the plugs and turn it back on

  • The key thing about the Tata connection is to have patience; wait for some 5 - 10 minutes
  • Open up the browser and go to your favorite site; it will redirect to the Tata Indicom login page. Once any one of you logs in, everyone can browse the internet


Security Note:
Change your default Router password
Change your default Tata Indicom Broadband Password
Add WEP or WPA Encryption to your router if you are using wireless
Enable Access Control and limit by MAC address to fully secure your network from free riders.

Enjoy surfing :)

Wednesday, June 3, 2009

Resync iPod to new iTunes Library without Erasing or losing your music

Intro
It is a mess if you reinstall your computer, or lose your iTunes library, or want to add a song from your office computer, but your iTunes keeps on telling you to "Erase and Resync" your library. Erasing and resyncing is foolish, because you will lose all your favorite songs on your iPod. Follow these steps to resync iTunes from the iPod.

  • Close iTunes if it is running and go to the iTunes folder
    (My Documents\My Music\iTunes\ on Windows XP)
  • Clear your current iTunes library by deleting iTunes Library.itl and iTunes Music Library.xml
    Note: This step will erase only your iTunes library, not your music files :)
  • Now plug in your iPod and it will be detected as removable media on Windows.
  • Go to My Computer and open the drive
  • If it is empty, go to Tools > Folder Options and tick the Show Hidden Files and Folders option
  • Copy the iPod_control folder to any drive on your computer.
  • After copying, run iTunes and press erase and resync.
  • Your iTunes library would be empty, so it is okay to resync.
  • Now unhide the folder you copied over to your drive by right clicking and selecting the properties menu item, and untick the hidden attribute.
  • Start iTunes
  • Drag that folder to your iPod to resync it.
  • TADA, your iPod is resynced with a new iTunes Library

Thursday, May 28, 2009

Timezone: PHP, Shell and Crontab

Programming in different timezones can be a headache if it is not taken care of initially. Code written to work in one timezone can go wrong when ported to a server that runs in another timezone. There are a few things to take care of when you change from server to server.

PHP

By default PHP uses the timezone that is set on the server or in the php.ini configuration file. In order to write robust PHP code that can work in any server environment, it is always good practice to set the timezone in the code itself.

date_default_timezone_set(Timezone)


is the PHP function to set the timezone in PHP. This can take care of most of the timezone anomalies that can occur in your script when using PHP's date function.
Timezone is a string; for example, for Indian Standard Time it is "Asia/Calcutta", for LA it is "America/Los_Angeles", etc. Check out the PHP timezone list for a complete list of timezones.

Shell
In a shell, the date command gives you the local time at the SERVER. In order to set the timezone to your area, we have to set the appropriate environment variable.

export TZ="/usr/share/zoneinfo/{Continent}/{Place}"
Eg:
export TZ="/usr/share/zoneinfo/Asia/Calcutta"


Add this snippet to your .bashrc to set your timezone to your local time.

Crontab
Crontab runs in the same timezone as the server, so for now the best thing to do is calculate the offset between the server timezone and your local timezone, and plan your crontab accordingly.

For example, if you are in IST and the server is in GMT, with IST at an offset of +05:30 from GMT, add your cron entry such that it runs at localtime - 05:30 hrs on the server, i.e.
localtime - (offset time).

It would be easy to write a script to do this for you.
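One such script, as an added example that is not part of the original post: it applies localtime - (offset time) and also handles the case where the subtraction crosses midnight, which shifts the cron day-of-week field. The function names are made up for this sketch, offsets are fixed minutes east of UTC (so daylight saving changes are not tracked), and the command paths are placeholders.

```python
MINUTES_PER_DAY = 24 * 60

def to_server_cron(local_hour, local_minute, local_offset_min,
                   server_offset_min, local_dow=None):
    """Convert a local wall-clock time to cron fields in server time.

    Offsets are minutes east of UTC (IST = +330, GMT = 0).
    local_dow uses cron numbering (0 = Sunday), or None for every day.
    Returns (minute, hour, day_of_week_field).
    """
    # server time = local time - (local offset - server offset)
    total = (local_hour * 60 + local_minute
             - (local_offset_min - server_offset_min))
    # divmod floors, so a negative total rolls back to the previous day
    day_shift, minute_of_day = divmod(total, MINUTES_PER_DAY)
    hour, minute = divmod(minute_of_day, 60)
    dow = "*" if local_dow is None else str((local_dow + day_shift) % 7)
    return minute, hour, dow

def cron_line(command, *args, **kwargs):
    """Format a crontab entry; day-of-month and month stay '*'
    (schedules pinned to a calendar date are not handled here)."""
    minute, hour, dow = to_server_cron(*args, **kwargs)
    return f"{minute} {hour} * * {dow} {command}"

if __name__ == "__main__":
    # 09:00 IST every day on a GMT server
    print(cron_line("/path/to/daily.sh", 9, 0, 330, 0))
    # 02:00 IST on Monday is 20:30 on Sunday in GMT
    print(cron_line("/path/to/weekly.sh", 2, 0, 330, 0, local_dow=1))
```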

Friday, May 22, 2009

Orkut YouTube Facebook etc Blocked ?? Follow this guide to Unblock

Blocked ??!!!

Most of you may be out there desperately trying to find out how to unblock all these social networking sites. The solution is to use a proxy. You can use proxy sites available all over the internet, or set up your own SSH proxy if you have an SSH server.

Setting up an SSH server is easy. If you have a machine at home, install any Linux distribution with the SSH server enabled. Now grab hold of your home machine's IP address and proceed to this page to set up your SSH proxy.

Alternatively, if you don't have the luxury of setting up an SSH machine at home, search on Google for "Free Shell Accounts", "Free SSH Accounts", "Free SSH server", etc. and sign up with any one of them. Beware that your credentials will be passed to these servers while logging in. So it is always secure to use one at your home. Still, if you are so desperate, you can do so :D ...

SSH Proxy Setup