Last post Sep 30, 2013 03:48 AM by Lisa Zhang - MSFT
Sep 28, 2013 11:11 PM|coderbd|LINK
This week I launched a website. I know that site is vulnerable. I'm not expert in this section. Please help me to trace site problem.
Sep 30, 2013 03:48 AM|Lisa Zhang - MSFT|LINK
According to your description, you want to check if your website is vulnerable or not.
Firstly, you need to check sql injection.SQL injection is the attempt to issue SQL commands to a database through a website interface, to gain other information. Namely, this information is stored database information such as usernames and passwords.
First rule of securing any script or page that attaches to a database instance is ‘Do not trust user input’.
SELECT username,password FROM users WHERE username='$username'
By appending a ' to that statement, you could then add additional SQL paramaters or queries.: ' OR username –
SELECT username,password FROM users WHERE username='' OR username -- '$username
More information about sql injection, please try to refer to the links below:
# Testing if a site is vulnerable to Sql Injection
# How to find out if a website is vulnerable to SQL Injection?
Besides, there are other methods to check if a website is vulneralbe or not.
Please try to read articles below:
# How to find a Vulnerable Website?
# 5 ways your website is vulnerable to security attacks (Part 1)
# Step 6: Identify the vulnerability