WHAT IS SQL INJECTION - Tech World


Saturday, 10 June 2017



First of all, what does SQL mean? SQL stands for sequential query language, and it is mostly used for building databases. You probably already know what a database is; if not, here is a brief explanation. A database is a place, or you can think of it as a container, that holds all of a website's data (usernames, passwords, and all the data of the website's posts). So what happens if someone hacks the website? All of its data gets leaked. But no website gets hacked that easily, and that is what SQL injection is used for.






Whenever you open a website, in the URL (Uniform Resource Locator) you see the website's name, followed by a slash (/), and after that a ? sign with a combination of numbers and letters. So what is all this? These are the queries, which are stored inside the database. If you change the queries in this URL and change some numbers and digits as you like, the database gives no result. Why? Because the database has no data under the name in the query you inserted, so there is nothing to show. In this way, many people open a website and observe how it behaves, such as what type of response comes back from the website's database.




In such cases, these people build queries of their own and insert them into the URL, and the database responds to those queries. From the database's responses they work out what kind of response it gives, and they look for a loophole to get into the website's database. If the database has a query by that name, it shows the result; if not, it shows nothing. So people keep inserting queries again and again, combining random numbers and letters. After many tries, some query is bound to match somewhere in such a large database.
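The following is an added example, not part of the original post. It shows why a value taken from the URL can change what the database returns when it is pasted into the SQL text, and how binding it as a parameter prevents that. The table, the function names and the sample `?id=` values are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data: an in-memory table standing in for a site's posts.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany(
        "INSERT INTO posts VALUES (?, ?)",
        [(1, "Welcome"), (2, "About"), (3, "Draft (private)")],
    )
    return db


def get_post_concatenated(db, post_id):
    # Weak form: the URL value is pasted into the SQL text, so everything in it
    # is parsed as part of the query itself, not only as a value.
    sql = "SELECT title FROM posts WHERE id = " + post_id
    return [row[0] for row in db.execute(sql)]


def get_post_bound(db, post_id):
    # Corrected form: check that the value is an integer, then bind it as a
    # parameter. The SQL text is fixed; the value is only ever compared to id.
    try:
        value = int(post_id)
    except ValueError:
        return []
    rows = db.execute("SELECT title FROM posts WHERE id = ?", (value,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    # Constructed ?id= values: a valid id, an unknown id, and a value that
    # carries extra SQL after the number.
    for value in ["2", "999", "2 OR 1=1"]:
        print(repr(value), get_post_concatenated(db, value), get_post_bound(db, value))
```

With the concatenated query, the third value returns every row in the table; with the bound parameter it returns nothing, because it is not a valid id.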







A database can be thought of as a very large container holding post data, usernames, passwords, and other security-related data. Anyone would want to get hold of the usernames and passwords. A database has many columns (drawers), so how does one find out which drawer holds the usernames and passwords? Basically, the model and type of all databases is the same, and usernames and passwords are commonly stored in 3 columns. In this way many queries are used to confuse the database, a query stored in the database is matched at random, and the database gets hacked.



With SQL injection, hackers can use these same queries to hack your Facebook ID or any other online account and obtain your username and password. With SQL, the web developer does not even find out when fake queries are tried against the database. The database is simply confused with wrong queries, and the usernames and passwords are obtained.


When these queries succeed, the database gets "dropped down". Dropdown means that the drawer holding the usernames and passwords is downloaded directly to the computer or device of the person sending the query, along with all the usernames and passwords.


This article is for educational purposes only, to inform readers about internet security and database management. I hope you like this article and gain knowledge about cyber security and databases.