Oceanic
Php / C++ / MySQL
This guide will help you improve the security of your servers.
To use this guide you need MySQL installed and an AAC page in use.
Step 1 - Basics
First make sure that you don't use the default username and password. You can check this very simply with this code:
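PHP:
<?php
mysql_connect("localhost", "root", "") or die(mysql_error()); // try to log in as root with an empty password
// This line is only reached if the login above succeeded.
// Note: the mysql_* functions were removed in PHP 7; mysqli_connect() takes the same first three arguments.
echo "You have a security problem";
?>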
If you get the message:
Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'root'@'localhost' (using password: NO) in D:\xampp\htdocs\index.php on line 2
Access denied for user 'root'@'localhost' (using password: NO)
Then your SQL is safe.
Step 2 - phpmyadmin
Just because your SQL is safe doesn't mean that it is impossible to hack; almost all server applications have some problems.
Always check that phpMyAdmin is not able to access your SQL server.
The best thing to do is to delete the phpmyadmin folder in the xampp folder, because it is possible to brute-force it.
Step 3 - XSS
XSS (cross-site scripting) is an attack that becomes possible when a user is able to input their own HTML code into the website.
Most of the time the attacker steals the cookies of the person whose password they want, and then uses those cookies to access that person's account.
One easy way to do this is when a user imports external scripts.
HTML:
<script src="http://location_to_the_script.js"></script>
All you need is some experience in JavaScript.
Step 4 - SQL-Injection
The last thing is SQL injection. This is the most popular method: someone finds a place to inject a " or ' character into an input field. If they succeed, they may get an error that says:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1
If someone uses "union select" or "show tables" they may be able to get all the server information.
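The following is an added example, not code from the original guide: it shows why a lone ' character breaks a query built by string concatenation, and how a prepared statement treats the same input as plain data. It assumes PHP with PDO and the SQLite driver (an in-memory SQLite database stands in for MySQL so the script runs offline); the accounts table and the function names are hypothetical.

```php
<?php
// Added example. Assumptions: in-memory SQLite stands in for the MySQL server;
// the accounts table, its columns and both function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE accounts (id INTEGER PRIMARY KEY, name TEXT, email TEXT)");
$db->exec("INSERT INTO accounts (name, email) VALUES ('alice', 'alice@example.test')");

// Vulnerable: the input becomes part of the SQL text itself.
function findAccountConcat(PDO $db, string $name): array
{
    $sql = "SELECT id, name FROM accounts WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the SQL text is fixed and the input is bound as a value.
function findAccountPrepared(PDO $db, string $name): array
{
    $stmt = $db->prepare("SELECT id, name FROM accounts WHERE name = ?");
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample inputs: a normal name and one containing a quote character.
foreach (["alice", "ali'ce"] as $input) {
    try {
        $rows = findAccountConcat($db, $input);
        echo "concat   [$input]: " . count($rows) . " row(s)\n";
    } catch (PDOException $e) {
        // Keep the details in the server log; do not echo database errors to visitors.
        error_log($e->getMessage());
        echo "concat   [$input]: query broke (syntax error)\n";
    }
    // The prepared statement runs cleanly for both inputs.
    $rows = findAccountPrepared($db, $input);
    echo "prepared [$input]: " . count($rows) . " row(s)\n";
}
```

With MySQL the same pattern applies by changing only the PDO connection string; the prepare/execute calls stay the same.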
Step 5 - Last word
That was all. I hope you get some use out of it, because many servers have problems with this.