SQL Injection Part 3 – How to Prevent

This is more interesting than hacking.

There are several techniques, but again, preventing means making the environment harder for the hacker. What we try to do is make the environment harder, and what the hacker tries to do is find a path through it.

First you can clean the values like this.

$username = cleanQuery($_POST['username']);

This checks whether magic quotes is turned on. If so, PHP may already have added backslash escapes to the data passed through the POST or GET method. If backslashes were added, they need to be removed before running the value through the rest of the function, otherwise it gets escaped twice.

Using mysql_real_escape_string

This function puts a backslash before each of the following characters: \n, \r, \, \x00, \x1a, ' and ".

So when the hacker inserts a ', the function puts a backslash in front of it, and MySQL reads it as part of the varchar literal, not as the closing quote.

So if we look at the example in Part 2:

username = nobody' or 1=1;#

password = gotcha…

The SQL statement now gets the value:

SELECT * FROM Users WHERE username = 'nobody\' or 1=1;#' AND password = 'gotcha'

So now the whole username, nobody' or 1=1;#, is treated as a varchar value and searched for. This returns an empty set.

Furthermore, we can have our own implementations to prevent SQL injection, for example a blacklist of keywords such as DELETE, MERGE and DROP. This method has the disadvantage of not allowing these words to be used in searches either.

Another way is blocking the # mark. There are several websites doing this (which use MySQL as their back end): they simply do not allow # in usernames and passwords. Again this has its advantages and disadvantages; simply put, we cannot have a username like C#NUTT. 🙂

Careful design of the system is very important.

SQL Injection Part 2 – How to Inject

We created a proper login in Part 1. Proper in the sense that it was syntactically OK, but not an effective one.

Let's see how a hacker can get into the system.

He enters the

username = nobody or 1=1

password = idontknow or 1=1

Now the $sql will get the following value

SELECT * FROM Users WHERE username = 'nobody or 1=1' AND password = 'idontknow or 1=1'

Here the or 1=1 part is also within the quotes, so MySQL treats the OR as part of the varchar literal, not as a logical operator. This gives us a chance.

How?

We introduced the quotes in the statement to make the $sql valid; we had no intention of preventing SQL injection at that time. But it worked well here for SQL injection prevention as well.

When the above statement is executed in MySQL it returns an empty set, because it searches for the username 'nobody or 1=1' and the password 'idontknow or 1=1', which are not in the Users table.

[image: MySQL returns an empty set]

But the hacker is a smart guy; he knows that you are using quotes and still wants to perform an SQL injection.

Now he types the following

username = nobody' or 1=1

password = idontknow' or 1=1

Then the $sql gets the value:

SELECT * FROM Users WHERE username = 'nobody' or 1=1' AND password = 'idontknow' or 1=1'

When this is executed in mySQL

[image: MySQL reports a syntax error]

An error occurs because the quotes introduced by the hacker and the quotes introduced by the developer no longer match up.

AGAIN THE HACKER TRIES

This time he comes with a powerful weapon – COMMENTS.

He tries the following

username = nobody' or 1=1;#

password = gotcha…

Now the $sql gets the value:

SELECT * FROM Users WHERE username = 'nobody' or 1=1;#' AND password = 'gotcha'

When the above is executed in MySQL:

[image: the query returns rows]

BOOM

The hacker succeeds.

Here, after the ; mark he can add any statement, like INSERT, UPDATE or DROP, and finally put the #, which makes MySQL ignore the rest of the line.

Really, this is simple, and most websites are prone to this attack.

How to prevent it is in Part 3.
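Putting Part 2 and Part 3 together, here is an added Python example (not code from the original posts) that builds the login query the three ways the hacker tried it, escapes values the way cleanQuery() and mysql_real_escape_string are described in Part 3, and then runs the same lookup as a parameterised query. The escaping function is an assumed re-implementation of the character list given in Part 3, the Users table with its single account is constructed inline, and sqlite3 stands in for MySQL; because the # comment is MySQL syntax, the concatenated queries are only printed as text, never executed.

```python
import re
import sqlite3

# Characters that mysql_real_escape_string() backslash-escapes, per the post's list.
# Added re-implementation for illustration only; it is not PHP's function.
MYSQL_ESCAPES = {
    "\\": "\\\\",   # backslash
    "'": "\\'",     # single quote
    '"': '\\"',     # double quote
    "\n": "\\n",    # newline
    "\r": "\\r",    # carriage return
    "\x00": "\\0",  # NUL
    "\x1a": "\\Z",  # Ctrl-Z
}


def escape_mysql(value):
    """Escape a string the way the post describes mysql_real_escape_string doing it."""
    return "".join(MYSQL_ESCAPES.get(ch, ch) for ch in value)


def stripslashes(value):
    """Remove backslashes that magic_quotes_gpc may already have added (PHP stripslashes equivalent)."""
    return re.sub(r"\\(.)", r"\1", value, flags=re.S)


def clean_query(value, magic_quotes=False):
    """The cleanQuery() idea from the post: undo magic quotes first, then escape exactly once."""
    if magic_quotes:
        value = stripslashes(value)
    return escape_mysql(value)


def build_query_concatenated(username, password):
    """The Part 1 style login query: user input glued straight into the SQL text."""
    return (
        f"SELECT * FROM Users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )


def build_query_escaped(username, password, magic_quotes=False):
    """Same query, but every value passes through clean_query() first."""
    return build_query_concatenated(
        clean_query(username, magic_quotes), clean_query(password, magic_quotes)
    )


def make_demo_db():
    """Constructed in-memory Users table with one account (sqlite3 stands in for MySQL)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO Users VALUES ('alice', 'wonderland')")
    conn.commit()
    return conn


def login_parameterized(conn, username, password):
    """Parameterised query: the driver sends the values separately, so quotes and # stay data."""
    cur = conn.execute(
        "SELECT username FROM Users WHERE username = ? AND password = ?",
        (username, password),
    )
    return cur.fetchall()


if __name__ == "__main__":
    attempts = [
        ("nobody or 1=1", "idontknow or 1=1"),    # attempt 1: stays inside the quotes
        ("nobody' or 1=1", "idontknow' or 1=1"),  # attempt 2: unbalanced quotes, syntax error
        ("nobody' or 1=1;#", "gotcha"),           # attempt 3: # comments out the rest
    ]
    for user, pw in attempts:
        print("concatenated:", build_query_concatenated(user, pw))
        print("escaped:     ", build_query_escaped(user, pw))
    conn = make_demo_db()
    print("parameterised login, attempt 3:", login_parameterized(conn, *attempts[2]))
    print("parameterised login, real user:", login_parameterized(conn, "alice", "wonderland"))
```

Compare the concatenated and escaped strings for attempt 3: the escaped form is exactly the statement shown in Part 3, with the quote neutralised, and the magic-quotes path shows why stripslashes has to run first (otherwise the value is escaped twice). The parameterised login returns no row for the injected username and one row for the real credentials; that is the stronger fix, since the value never becomes part of the SQL text, so there is nothing to escape or blacklist.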

Cracking UCS and A*

Today I finished my semester exam on AI. While studying I googled how UCS (Uniform Cost Search) and A* work. The site I found states that UCS is not always complete: if a zero-cost path leads back to the same node in a tree, UCS falls into an infinite loop. To some extent, conceptually, this is true. The picture below explains the idea.

[image: graph with a zero-cost cycle S -> A -> B -> S and a goal node G]

If the start node is S, then it goes to A, then B, and from B it goes back to S. This loop continues without ever reaching G. In the same way A* also falls into an infinite loop if the heuristic values of A, B and S are the same, because the traversed path cost g(n) is zero, so ultimately f(n) remains unchanged:

f(n) = h(n) + g(n)

Here h(n) is the same on every node of the loop, and even after n iterations g(n) = 0.

I thought about the above idea, and conceptually it is right. But in a real-world scenario it is very hard to get a situation like this. Even if we do get a zero-cost edge from A to B, then A and B are effectively the same.

But in semantic networks we may have a situation like this, with self-referencing documents, so UCS can be cracked. A* will not be cracked as easily, though, because even on a self-referencing document the re-request cost increases the g(n) value.
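To check the argument above, here is an added Python example (not part of the original post) of best-first search over the graph in the picture: a zero-cost cycle S -> A -> B -> S and an exit B -> G. The graph, its edge costs and the heuristic values are constructed for this illustration. Tree search (no explored set) keeps re-expanding the cycle with the same f(n) and never pops G, so it gives up at an expansion cap; graph search with an explored set finds G; and when the loop edge costs 1 instead of 0, even tree search escapes because g(n) grows, which is the point made about A* on self-referencing documents.

```python
import heapq
import itertools

# Constructed graph matching the post's picture: a zero-cost cycle S -> A -> B -> S,
# plus the only way out, B -> G at cost 5.
GRAPH_ZERO_CYCLE = {
    "S": [("A", 0)],
    "A": [("B", 0)],
    "B": [("S", 0), ("G", 5)],
    "G": [],
}

# Same shape, but going back to S costs 1 (the "re-request cost" of the post).
GRAPH_POSITIVE_CYCLE = {
    "S": [("A", 0)],
    "A": [("B", 0)],
    "B": [("S", 1), ("G", 5)],
    "G": [],
}

ZERO_H = {"S": 0, "A": 0, "B": 0, "G": 0}   # h(n) = 0 everywhere: A* degenerates to UCS
FLAT_H = {"S": 1, "A": 1, "B": 1, "G": 0}   # equal h on the cycle, as the post describes


def best_first(graph, start, goal, h, graph_search=True, max_expansions=1000):
    """Best-first search ordered by f(n) = g(n) + h(n).

    graph_search=True keeps an explored set (graph search); False is plain tree
    search, which never remembers where it has been.  Returns (cost, path,
    expansions) on success, or None if the goal was not popped within
    max_expansions node expansions, i.e. the search is going round in circles.
    """
    tie = itertools.count()   # tie-breaker so heapq never has to compare paths
    frontier = [(h[start], next(tie), 0, start, [start])]
    explored = set()
    expansions = 0
    while frontier:
        _f, _, g, node, path = heapq.heappop(frontier)
        if node == goal:
            return g, path, expansions
        if graph_search:
            if node in explored:
                continue
            explored.add(node)
        expansions += 1
        if expansions > max_expansions:
            return None   # gave up: the frontier keeps refilling with the same cycle
        for nxt, step in graph[node]:
            g2 = g + step
            heapq.heappush(frontier, (g2 + h[nxt], next(tie), g2, nxt, path + [nxt]))
    return None


def ucs(graph, start, goal, graph_search=True, max_expansions=1000):
    """Uniform Cost Search is best-first search with h(n) = 0."""
    return best_first(graph, start, goal, {n: 0 for n in graph}, graph_search, max_expansions)


if __name__ == "__main__":
    print("UCS graph search, zero-cost cycle:", ucs(GRAPH_ZERO_CYCLE, "S", "G"))
    print("UCS tree search, zero-cost cycle: ", ucs(GRAPH_ZERO_CYCLE, "S", "G", graph_search=False))
    print("A* tree search, flat h:           ",
          best_first(GRAPH_ZERO_CYCLE, "S", "G", FLAT_H, graph_search=False))
    print("UCS tree search, positive cycle:  ",
          ucs(GRAPH_POSITIVE_CYCLE, "S", "G", graph_search=False))
```

With the explored set, G is found after three expansions at cost 5 for both UCS and the flat-heuristic A*. Without it, the zero-cost cycle keeps S, A and B ahead of G in the queue forever, so both searches hit the cap; raising the loop edge to cost 1 lets tree-search UCS reach G after fifteen expansions, because every lap increases g(n) until the path to G comes first.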

I just thought about the scenario and wrote this; there can be controversies, and my assumption may be completely wrong. In that case, leave a comment here (not somewhere else, since I get blog comments directly by email or on FB) and let's discuss.

Silverlight with PHP

I do not really need to tell you about Silverlight and its power, since it is apparent. But at the same time I cannot keep my mouth shut about the features that Silverlight offers. I have been working on WPF and Silverlight these days, and I am just amazed at the power Silverlight has for web apps. It drives me crazy, especially compared to ASP.NET Ajax.

What an effective and easy way to build RIAs. I wonder at the Silverlight architecture and how the mixture of XAML and managed code sits behind Silverlight.js. Really excellent.

Using Silverlight with ASPX is OK, but what about other languages? Of course, not a big deal. Here I explain how to use Silverlight in your PHP application with C# managed code.

Create a simple PHP file that takes your name and says Hello!

[image: the PHP script]

The above PHP script posts to itself and says Hello.

Now build the Silverlight application in VS 2010. When creating the Silverlight application project, select temporary hosting in an HTML file rather than a Web project. This creates an HTML file in which your Silverlight object is embedded; it will be easy to take the code from it later.

Put the following in the Layout Grid (XAML code):

[image: XAML code]

Code for the button1_Click event in MainPage.xaml.cs:

[image: C# code]

Now we have the PHP file and the Silverlight application; let's put them together.

I'm hosting the PHP using WAMP. Create a folder SilverlightPHP and save the above PHP file as index.php (so it's easy to access).

Browse to your Silverlight application project folder; inside Bin->Debug there is a file with the extension .xap (the description says XACT project file).

Copy that file and put it into the SilverlightPHP folder.

Then open the HTML file in the Silverlight application project folder (it's also in the Debug folder).

Copy the JavaScript code and paste it inside <head> </head>, or keep it as a separate .js file and link it.

Then copy the Silverlight embedding code from the HTML and paste it inside the body. You can set the size here.

[image: Silverlight embedding code]

Here, rather than copying the .xap file to the target folder, you can set the value to the path of the .xap file.

Save index.php.

Then RUN !@# and have FUN.

The really amazing thing is that this is a very cool way to bring RIA capability to our normal PHP apps. You can notice that when you click the Say Hello button of the PHP page it reloads, but when you click the Say Hello button of Silverlight it is a completely asynchronous call to the Silverlight object model (a great AJAX feature). More than that, here we use C#.NET and PHP in the same web interface.

[image: the finished page with the PHP and Silverlight Say Hello buttons]

What to expect from a UOM IT Faculty guy.

I write this article based on some hypothetical thinking I had during my AI lecture. I have had this idea for some time and have shared it with some of my friends as well. You may not agree with me at times, but what I say is my opinion.

There were days, I can remember, when I was in my first year, first semester (very curious about campus life), when some industry people were saying that Sri Lanka needs 5000 IT professionals per year, and the supply is only below 3000. Wow, it was good news for any fresh graduate to hear such news about his field of study. But what happened after some time was the 'Economic Crisis'. I really must say I still do not have a proper, accurate idea about that (people were saying USA bubble burst, inflation and a lot of things).

But what I heard and saw in real life was 'cost cutting'. I remember that Virtusa fired around 30 people in one single day at that time. Then things went like that in almost all the companies. And now I can see and hear of some of my senior guys who have got good job positions with attractive salaries in the last couple of months. 🙂

So what does this have to do with today's lecture? Today my lecturer said that Sri Lanka is producing fewer than 100 graduates who have in-depth knowledge of computer science and mathematics. He also said he did a survey on that. I know personally that he has the idea that the IT faculty's syllabus should be changed.

Really, what I think is that an IT guy from the UOM IT faculty is not meant to be a developer or a tech nut. If you look clearly, the syllabus is designed to give a broad view of the field, and the technical skills are a subset of that.

So I feel an IT faculty guy should be a designer or a business analyst rather than a developer. An IT guy from UOM is meant to be an architect of the system rather than a developer. He is not a web developer; he is meant to be the web analyst. All these need technical skills, but we are not supposed to be the developers.

But what I see in real life is completely different. People are treated as developers. I don't say we can directly be the architects of a company, but we are made for those positions. And I think we are not made for extreme programming like OS and hardware device drivers. There are people who can go to that level, but we are not meant for that.

Microsoft Vs. Adobe

Hi. Yesterday I saw a post on Facebook linking to a mashable.com post saying that MS has plans to acquire Adobe. The post continues on what will happen and all that. The news about MS's plans to acquire Adobe is not official, but it was an interesting post to read.

In the IT field the chain of company acquisitions has been there from the very beginning, since it is vital for taking competitive advantage. Some companies operate and put their hands on very new technologies believing that the big giants will acquire them one day. If we have a look at the history you cannot even believe the numbers.

So far Microsoft has acquired or merged with 128 companies. Yep, here's the list: http://en.wikipedia.org/wiki/List_of_mergers_and_acquisitions_by_Microsoft

And Google has acquired or merged with 80 companies: http://en.wikipedia.org/wiki/List_of_acquisitions_by_Google

Apple has acquired more than 30: http://en.wikipedia.org/wiki/List_of_mergers_and_acquisitions_by_Apple

Adobe and Oracle also have their share in acquisitions, with more than 30 companies each.

The chain grows and grows. In the last few months Apple was trying to acquire Adobe. Ultimately Apple banned Adobe Flash on its iPad and iPhone. Users suffer a lot; they can't view the content of websites like YouTube and Hulu.

That was a stupid move, I guess.

Now there is news spreading that MS is trying to acquire Adobe. Really, MS is trying very hard to make a reasonable share of the mobile market through their Windows Phone 7. The previews and the promised features of WP7 were amazing, and even iPhone users are having a WoW moment over WP7. But compared to the iPhone, Android and BlackBerry, WP7 has a very small market share.

And do not talk about MS Kin: it was a boom. Only 750 people in the world were using it, and MS closed it immediately, one week after its release. But MS always wants to have its own pie of the mobile market. Now they are on the right track with WP7, which is powered by Silverlight.

But if MS acquires Adobe, how is this going to help them knock down their rapidly growing rivals Google and Apple? (Of course they are not too much Rrrrr….. with Google.) So how can they knock down Apple?

They can quit the Adobe products for Mac (but they are not going to do that, since it is a billion-dollar business and they do not want to lose that revenue in order to knock down their enemy).

There is another issue with Silverlight and Flash. Oops, this is a real heck. I think what MS will do to Flash is simply ignore it (it is a very good strategy to knock things down). A recent example is what Oracle did to MySQL after acquiring Sun. (Really, Oracle messed up Sun.)

Silverlight has gained popularity and is now one of the technologies the industry seeks. And we can do plenty of things in Silverlight that we cannot do in Flash. The secret is the .NET platform (a platform always beats an application). That's why MS made Silverlight a platform geared with .NET. Now Silverlight is a platform for the Web, Xbox, Zune and Windows Mobile. Why, even for the desktop.

There are more Flash-based websites, but Silverlight has started to gain popularity and market share.

So if MS acquires Adobe it won't help MS get a share of the mobile market (but they can do it). However, they are adding billions and billions of business to their venture. Think about MS Photoshop, MS SoundForge, MS After Effects…


SQL Stored Procedures

You can find a good sample of SQL Server stored procedures used from ADO.NET in C# at this link: http://www.codeproject.com/KB/cs/simplecodeasp.aspx

The article is simple and easy to understand.

Feel free to ask any questions on stored procedures as I will try my best to answer.