Monday, June 29, 2009

SQL Injection: Tutorial Part 1

SQL Injection
What is SQL? SQL stands for Structured Query Language; it is the most widely used database querying language. Before reading on I must say that this is an old technique, and I did not want to post it because most sites have patched this hole. I am posting it for the few websites I came across that still had this vulnerability. If you have a website, are planning to build one, or administer one, please read on and fix the security holes.

Warning: The following methods may be illegal, given for illustration purpose only.

Most dynamic websites use a database server such as Microsoft SQL Server, MySQL, etc. To demonstrate what SQL injection is, let us look at a piece of code used as a login script. Most ASP websites use code like this:

<%
user = Request.Form("user")
pass = Request.Form("pass")
SQL = "SELECT * FROM users WHERE username='" & user & _
"' AND password='" & pass & "'"
' Execute the SQL ...
%>


This is an example of poor code that is vulnerable to SQL injection. In this example we can see that the user input for user and pass is included directly in the SQL query, without any escaping.

A legitimate user enters his details, say
user=digitalpbk
pass=password

Based on the code, the SQL query would be constructed as
SELECT * FROM users WHERE username='digitalpbk'
AND password='password'


Now, to demonstrate or find out whether there is an SQL injection hole, all a user has to do is add a ' (single quote) to the username and/or password field, say
user=digitalpbk
pass=password'

Now the SQL query would be constructed as
SELECT * FROM users WHERE username='digitalpbk'
AND password='password''


This is invalid SQL, and if errors are not suppressed you will get an error screen as shown below:

[screenshot of the database error page]

So if we modify the pass field such that
user=digitalpbk
pass=password' OR '1'='1

the constructed SQL query would be
SELECT * FROM users WHERE username='digitalpbk'
AND password='password' OR '1'='1'


This is a valid query, and because '1'='1' is always true, the WHERE clause matches regardless of the username and password.

This validates the user and logs him in without the username or password ever really being checked.

Prevention/Security Measures
Always escape or filter user input before it reaches a query. Filtering user input takes less time than posting about cyberlaws. This type of vulnerability exists because of poorly written server-side code that practically hands control over to the user.
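As an added illustration (this is not code from the original post), here is the vulnerable query construction next to the fix, written in Python against an in-memory SQLite table that I constructed to stand in for the site's users table. It walks through the three cases above: the legitimate login, the stray single quote that breaks the query, and the ' OR '1'='1 bypass. It also shows that a parameterized query, the usual alternative to hand-escaping every field, treats the same input as plain data.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory SQLite table standing in for the
    'users' table used by the ASP login script."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('digitalpbk', 'password')")
    conn.commit()
    return conn


def build_query(user, pw):
    """The vulnerable pattern: form fields pasted straight into the SQL text,
    exactly as the ASP snippet does with '& user &' and '& pass &'."""
    return ("SELECT * FROM users WHERE username='" + user
            + "' AND password='" + pw + "'")


def login_vulnerable(conn, user, pw):
    """True if the concatenated query returns any row. A stray quote in the
    input makes the SQL malformed and sqlite3 raises sqlite3.Error, which is
    the 'invalid SQL' error page described in the post."""
    return conn.execute(build_query(user, pw)).fetchone() is not None


def quote_probe_breaks_query(conn, user, pw):
    """Defender's check: does this input break the concatenated query?
    An unsuppressed error here is the first sign that the code is injectable."""
    try:
        login_vulnerable(conn, user, pw)
    except sqlite3.Error:
        return True
    return False


def login_parameterized(conn, user, pw):
    """The fix: a parameterized query. The driver sends the values separately
    from the SQL text, so quotes in the input are data, never syntax."""
    sql = "SELECT * FROM users WHERE username=? AND password=?"
    return conn.execute(sql, (user, pw)).fetchone() is not None


if __name__ == "__main__":
    conn = make_db()
    bypass = "x' OR '1'='1"  # the payload from the post, in the pass field
    print(build_query("nobody", bypass))
    print("vulnerable login with bypass:   ", login_vulnerable(conn, "nobody", bypass))
    print("parameterized login with bypass:", login_parameterized(conn, "nobody", bypass))
    print("single-quote probe breaks query:", quote_probe_breaks_query(conn, "digitalpbk", "password'"))
```

Note that the bypass works even with a username that does not exist, because AND binds tighter than OR and the trailing OR '1'='1' matches every row; the parameterized version returns no row for the same input.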

The method demonstrated here is just a teaser; much more sinister things can be done with SQL injection, like dropping tables (which is not a good thing).

to be continued...

In case you find a website with such a vulnerability, please inform the webmaster of the problem and refer them to this page (in case they are unaware of it).

Be ethical
Happy Browsing...

Thursday, June 11, 2009

Tata Indicom Wimax Broadband Connection sharing via Wireless router (D-Link)

Intro: Tata Indicom Wimax Broadband
We got a new Tata Indicom WiMax broadband connection, and one of the first problems was sharing the connection with the room mates. After a little research on it I found:

  • Tata Indicom uses a web (HTTP) based authentication system to log you on to their servers, instead of the conventional PPPoE setup: https://loginban.tataindicombroadband.in:8443


Connection Sharing
To enable connection sharing you first have to get a router. We used a D-Link DIR-300 wireless router (approx. cost Rs. 2100). The steps to configure the router are as follows. First connect the CPE (Customer Premise Equipment), i.e. the small box that comes with a LAN cable, to your router's Internet port.
  • Go to your router's URL (default http://192.168.1.1/) and log in with the default username (admin) and password (blank) (for D-Link)
  • On that page click Manual Internet Connection Setup
  • Under Internet Connection Type
    choose My Internet Connection is: Dynamic IP (DHCP)
  • Press Save Settings
  • Power the router off and on again

  • The key thing about the Tata connection is patience: wait for some 5 - 10 minutes
  • Open the browser and go to your favourite site; it will redirect to the Tata Indicom login page. Any one of you logs in and everyone can browse the internet


Security Note:
  • Change your default router password
  • Change your default Tata Indicom Broadband password
  • Add WEP or WPA encryption to your router if you are using wireless
  • Enable Access Control and limit by MAC address to fully secure your network from free riders.

Enjoy surfing :)

Wednesday, June 3, 2009

Resync iPod to new iTunes Library without Erasing or Losing your Music

Intro
It is a mess if you reinstall your computer, lose your iTunes library, or want to add a song from your office computer, and iTunes keeps telling you to "Erase and Resync" your library. Erasing and resyncing is foolish, because you will lose all your favourite songs on your iPod. Follow these steps to resync iTunes from the iPod.

  • Close iTunes if it is running and go to the iTunes folder
    (My Documents\My Music\iTunes\ on Windows XP)
  • Clear your current iTunes library by deleting iTunes Library.itl and iTunes Music Library.xml
    Note: this step erases only your iTunes library, not your music files :)
  • Now plug in your iPod; it will be detected as removable media on Windows.
  • Go to My Computer and open the drive
  • If it appears empty, go to Tools > Folder Options and tick the Show Hidden Files and Folders option
  • Copy the iPod_control folder to any drive on your computer.
  • After copying, run iTunes and press erase and resync.
  • Your iTunes library will be empty, so it is okay to resync.
  • Now unhide the folder you copied to your drive by right clicking it, selecting the Properties menu item, and unticking the Hidden attribute.
  • Start iTunes
  • Drag that folder to your iPod to resync it.
  • TADA, your iPod is resynced with a new iTunes library