Rus Articles Journal

How to crack the website?

To begin with, let me make clear that with this article I am in no way urging anyone to break into someone else's Internet resources using the methods described below.

The main aim of this article is to show the user the importance of data protection on the Internet, using the example of a website that is not properly protected. As the method of attacking the website, we will use what is probably the most widespread way of breaking into websites: SQL injection.

To begin with, let's establish that practically every modern large, complex website is built on top of a database. Work with the data stored in your website's database is carried out by means of the Structured Query Language, SQL.

SQL injection is a technique of inserting into the original SQL query a certain piece of code (one that does not break the structure of the query) with the aim of gaining access to the data held in the DB.

Thus, under certain conditions, usually connected with the absence in the website's code and queries of functions meant to protect the data, an attacker can use SQL injection to read the contents of any table, and also to delete, change or add data, to gain the ability to read and/or write local files, and to execute arbitrary commands on the attacked server. Let's not dwell on theory for long and move on to action.

So, to begin with, let's get acquainted with the concept of passing data by the GET method. Have you noticed, while travelling the pages of the endless Internet, that the links you travel by often look like this:

www.xxxxxx.ru/index.php?something=some_value&something_else=another_value

where in place of my placeholders "something" and "some_value" there stand various real values.

So, know that a URL looking like this carries certain information, namely: after the question mark comes first a variable (its name), then "=" and its value. The "&" sign separates the variables from each other.

And all this is done only so that the page you are addressing can change depending on these variables: that is, their values are passed by that same GET method to the code of the website's pages, where they are processed, and on the basis of the results our web page is produced.

But just think! Nobody can forbid you to take this URL and correct it by hand, to make it whatever you need, then press Enter and send the data of this URL off for processing to the DB server! Exactly here lies the possibility of introducing a SQL injection.

So, let's begin. We have a website which, on the basis of the id parameter passed by the GET method, fetches certain data from the DB and builds our page from it. Here is the code of the SQL request that processes our data from the URL:

$result3 = mysql_query("SELECT * FROM raspisanie WHERE cat=$id");

Translated into plain language, the query selects all data from the raspisanie table where the field cat equals $id. In fact, everything in the query other than our variable $id, which we pass from the URL, no longer matters to us, and I will explain why later. Now let's deal with the URL. Suppose initially it looks like this:

www.xxxxxx.ru/index.php?id=3

That is, we pass the parameter id=3 to this URL, and the page is built on the basis of this parameter: it is placed into our SQL query, and it turns out that all the rows of the table raspisanie where the field cat=$id=3 are taken from the database. And now let's move on to the most interesting part. Suppose we know that in the database of the attacked website the login and password for the site's administrator area are stored in the table users, in the fields login and password respectively. Then, having simply changed our URL as follows:

www.xxxxxx.ru/index.php?id=3+union+select+1,2,login,password,5,6,7+from+user/*

the page will put this whole large value into our query, which will now look like this:

$result3 = mysql_query("SELECT * FROM raspisanie WHERE cat=3 union select 1,2,login,password,5,6,7 from user /*");

And, having processed this new request, which does not break the structure of the DB tables in any way, the server itself will return to us, besides the usual information corresponding to the value id=3, the login and password of the website as well!

To make it completely clear, I will translate our new "magic query":

"Select all data from the table raspisanie where the field cat=3, and also carry out another request: in addition to the data obtained, bring out the values of login and password from the table users."

The numbers 1, 2 etc. are arbitrary and serve to preserve the structure of the query; how many such values are needed is found by trial, until the number of values becomes equal to the number of columns the database returns by default.

The name of the table users and of the fields for the login and password are likewise found by trial; you will agree that they have roughly the same names everywhere. And finally, the "/*" symbols at the end of our URL serve to discard the tail of the original query, if there is one, so that it does not break the structure of the injected query.

So, using the example of a successful SQL injection, we have become acquainted, in a visible way, with one of the possible ways of breaking into a website.

Do not neglect the information security of your website, and sleep peacefully!