Website Hacking Methods
Website hacking is, obviously, the art of hacking websites. This can be done in numerous ways:
● SQL Injection
● XSS
● RFI
● LFI
(Structured Query Language Injection)
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application (like queries). The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.
Definition from http://en.wikipedia.org/
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications that enables attackers to inject client-side script into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy. Cross-site scripting carried out on websites accounted for roughly 80% of all security vulnerabilities documented by Symantec as of 2007.[1] Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.
Definition from http://en.wikipedia.org/
Remote File Inclusion (RFI) is a type of vulnerability most often found on websites. It allows an attacker to include a remote file, usually through a script on the web server. The vulnerability occurs due to the use of user-supplied input without proper validation. This can lead to something as minimal as outputting the contents of the file, but depending on the severity, to list a few it can lead to:
● Code execution on the web server
● Code execution on the client-side such as JavaScript which can lead to other attacks such as cross site scripting (XSS).
● Denial of Service (DoS)
● Data Theft/Manipulation
Definition from http://en.wikipedia.org/
Local File Inclusion (also known as LFI) is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitized, and allows directory traversal characters to be injected. A typical example of a PHP script vulnerable to LFI is as follows:
$file = $_GET['file'];
if(isset($file))
{
include("pages/$file");
}
else
{
include("index.php");
}
?>
Definition from http://hakipedia.com/
Possible helpful links
http://thehackerlounge.blogspot.com/2009...mysql.html
http://ferruh.mavituna.com/sql-injection...sheet-oku/
http://www.w3schools.com/sql/default.asp
http://www.steve.org.uk/Security/XSS/Tutorial/
http://r00tsecurity.org/forums/topic/104...erability/
http://penetrationengineer.blogspot.com/...usion.html
http://www.youtube.com/watch?v=3PtZcYFsmGY
http://elitehackerz.net/hacking-tutorial...orial.html
http://hakipedia.com/index.php/Category:...on_Hacking
https://www.owasp.org/index.php/Attacks
http://thehackerlounge.blogspot.com/2009...mysql.html
http://ferruh.mavituna.com/sql-injection...sheet-oku/
http://www.w3schools.com/sql/default.asp
http://www.steve.org.uk/Security/XSS/Tutorial/
http://r00tsecurity.org/forums/topic/104...erability/
http://penetrationengineer.blogspot.com/...usion.html
http://www.youtube.com/watch?v=3PtZcYFsmGY
http://elitehackerz.net/hacking-tutorial...orial.html
http://hakipedia.com/index.php/Category:...on_Hacking
https://www.owasp.org/index.php/Attacks