Posts

Showing posts with the label SQL Injection

SQL Injection Protect from Postgres Plus

SQL Injection is method of Hacking Data inside the Database. Using SQL Injection, Hackers do multiple Attempt of SQLs to understand the Structure of tables and Try to get the hint of data inside a table. For example, if a Hacker knows that UserName and Password of a Website are stored in a database table say member, then he can write query something like given below to fetch all the data inside the function as given below: select * from tablename where 1=1; Or select * from tablename where 'x'='x'; Similarly, suppose Hacker wants to know the structure (Columns) of any table, then he can try multiple attempts of finding the column name by using the HAVING OR GROUP BY CLAUSE and can find the Columns Names Based on Error. As given below: postgres=# select * from test_sql_injection group by 1 having 1=1; ERROR: column "test_sql_injection.col" must appear in the GROUP BY clause or be used in an aggregate function LINE 1: select * from test_sql_injection gro