Saturday, 26 October 2013

SQL Injections, Break code, Unauthenticated Login, Admin breaking


SQL injections:

SQL injections are used to log in without valid login credentials. So you could break the login of a website or even an admin panel if there is not enough security.
SQL injection attack (SQLIA) is considered one of the top 10 web application vulnerabilities of 2007 and 2010.



Some of the SQL injection strings are:

1)' or '1'='1
2)' or '1'='1' -- '
3)' or '1'='1' ({ '
4)' or '1'='1' /* '
 
And one small yet very effective one: '='
 
Each of these turns the login query into one whose condition is always true, so it executes as if the credentials matched and the authentication is granted.

So let's see what a normal coder writes for login:

SELECT * FROM users WHERE username = '$_POST['user']' AND password='$_POST['password']';
  

Now let's see what query actually gets executed when the injection string is given in both fields, breaking the code written for the login:

SELECT * FROM users WHERE username = '' OR '1'='1' AND password = '' OR '1'='1';

Because the OR '1'='1' condition is always true, the WHERE clause matches, the login is granted and you can log in without valid credentials.
  
So though old, it is still sometimes very effective.
So if interested, you could easily start trying :-).
XSS and XPath are also based on the same concepts and use these as the basis to break vulnerable code.

There are other types like XPath, XSS and CSRF that are dangerous, but those will be in my next post.
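
The login query from this post next to a parameterized version, as an added example that is not the original post's code. It uses PDO with an in-memory SQLite database (assumes the pdo_sqlite extension is available); the table layout, the function names and the sample user are constructed for illustration.

```php
<?php
// Added example, not the original post's code. Table, column and function
// names are assumptions; the user row below is constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
// The plaintext column exists only so the concatenated query mirrors the post's query.
$ins->execute(['alice', 's3cret', password_hash('s3cret', PASSWORD_DEFAULT)]);

// Vulnerable: the input becomes part of the SQL text, as in the post's query.
function login_concatenated(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT * FROM users WHERE username = '$user' AND password = '$pass'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened: the value is bound as data, so quotes inside it never reach the
// SQL parser, and the password is checked against a stored hash.
function login_prepared(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($pass, $hash);
}

// Constructed inputs: a real login, a wrong password, and string 1) from the list above.
$cases = [
    'valid credentials' => ['alice', 's3cret'],
    'wrong password'    => ['alice', 'nope'],
    'string 1) in both' => ["' or '1'='1", "' or '1'='1"],
];
foreach ($cases as $label => [$u, $p]) {
    printf("%-20s concatenated=%-5s prepared=%s\n", $label,
        var_export(login_concatenated($db, $u, $p), true),
        var_export(login_prepared($db, $u, $p), true));
}
```

Only the concatenated version accepts the third case; the prepared statement looks for a user literally named `' or '1'='1` and finds none.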

Thursday, 24 October 2013

Image Upload to folder, Image, Profile Picture save, Retrieve Image .... SIMPLY UPLOAD IMAGES

<?php
// There is no validation on the type of extension yet; that will be mentioned in the next post ......
// Any queries, post a comment

// THIS IS THE PHP CODE FOR THE SUBMIT OF THE FORM AND VALIDATION
$message = "Welcome";
if (!empty($_POST['submit']))
{
    if (empty($_FILES["profile_pic"]["name"]))
    {
        $message = "Select File to Upload";
    }
    else
    {
        // Keep only the file name component and escape it before echoing it into the page
        $name = basename($_FILES["profile_pic"]["name"]);
        $safe_name = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');

        echo "Upload: " . $safe_name . "<br>";
        echo "Type: " . htmlspecialchars($_FILES["profile_pic"]["type"], ENT_QUOTES, 'UTF-8') . "<br>";
        echo "Size: " . ($_FILES["profile_pic"]["size"] / 1024) . " kB<br>";
        echo "Temp file: " . $_FILES["profile_pic"]["tmp_name"] . "<br>";

        // move_uploaded_file() returns false on failure, so check it before reporting success
        if (move_uploaded_file($_FILES["profile_pic"]["tmp_name"], "images/" . $name))
        {
            echo "Stored in: " . "images/" . $safe_name;
            $message = "Uploaded in folder Successfully";

            // Your DB connection goes here
            // Your query goes here
            // After the query your image has been saved to the database, and you will see it in the images folder on the server
        }
        else
        {
            $message = "Upload failed";
        }
    }
}

?>

<div>

<!------------THIS IS FORM WHERE FILE IS PRESENT-------------->
    <div id="myDiv"><?php echo $message;?></div>
    <form id="add_info" name="add_info" method="post" enctype="multipart/form-data">
       
        Upload your Image :
        <input type="file" name="profile_pic" id="profile_pic">
       
        <input type="submit" name="submit" id="submit" value="submit">
       
    </form>
   
   
   
</div>

Wednesday, 23 October 2013

Jquery Magic

Click Me!

SIMPLE HTML AND CSS POWER

HTML JAVASCRIPT JQUERY POWERFUL TOOL

THIS IS THE CODE FOR THE ABOVE (JQUERY AND JAVASCRIPT):



<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js">
</script>

<script>
$(document).ready(function(){
  $("#flip").click(function(){
    $("#panel").toggle("slow");
  });
});
</script>


<style>
#xyz
{
color:blue;

}
#xyz a:hover
{
color:red;
background-color:yellow;
}
</style>


<h2>Jquery Magic</h2>

<div id="flip" type="button" style="cursor:pointer;">Click Me!</div>


<div id="panel" style="display:none;background-color:green;border:thin solid red;">
Hii,
<br>

 do comment if You liked magic of jquery.......

<span style="color:yellow;">
<br>
ANY QUERIES ??
<br>
COMMENT
</span>

</div>






<h2>SIMPLE HTML AND CSS POWER</h2>

<div id="xyz">
<a href="javascript:void(0)">Put the mouse on this block and see the Difference</a>

Check it out
</div>



Simple Function javascript

Hi, I am new to blogging .....
Here is a new function ..
<script type="text/javascript">
// Show the value passed in by the caller (here, the button's name)
function hello(id)
{
 alert(id);
}
</script>
</script>

<div>
<input type="button" id="xyz" name="xyz" onclick="hello(this.name)">
</div>