SQL METHOD ~ SQL MANIPULATION


As I discussed in the earlier post, this is among the most commonly described attacks for all types of databases (including SQL Server, MySQL, PostgreSQL, and Oracle). Let us look at the SQL manipulation method in some detail with basic......

Note : SQL statements are used in this chapter to demonstrate the SQL injection method. In order to be programming language neutral, only the developer-intended and attacker-manipulated SQL statements are presented. The portions in blue italics are a sample of what input the programmer is expecting and what an attacker might actually enter into a string field of the application.

The most common type of SQL Injection attack is SQL manipulation. The attacker attempts to modify the existing SQL statement by adding elements to the WHERE clause or extending the SQL statement with set operators like UNION, INTERSECT, or MINUS. There are other possible variations, but these are the most significant examples.

Example : 

The classic SQL manipulation takes place during login authentication. A simplistic web application may check user authentication by executing the following query and checking to see if any rows were returned –

SELECT * FROM users
WHERE username = 'bob' and PASSWORD = 'mypassword'  

The attacker attempts to manipulate the SQL statement to execute as –

SELECT * FROM users
WHERE username = 'bob' and PASSWORD = 'mypassword' or 'a' = 'a'  

Based on operator precedence, AND is evaluated before OR, so the appended condition 'a' = 'a' stands on its own. The WHERE clause is therefore true for every row and the attacker has gained access to the application.

The set operator UNION is frequently used in SQL injection attacks.  The goal is to manipulate a SQL
statement into returning rows from another table.  A web form may execute the following query to
return a list of available products –

SELECT product_name FROM all_products
WHERE product_name like '%Chairs%'


The attacker attempts to manipulate the SQL statement to execute as –

SELECT product_name FROM all_products
WHERE product_name like '%Chairs' 
UNION 
SELECT username FROM dba_users 
WHERE username like '%'

The list returned to the web form will include all the selected products, but also all the database users.





SQL injection categories


SQL injection attacks are simple in nature – an attacker passes string input to an application in hopes of manipulating the SQL statement to his or her advantage. The complexity of the attack involves exploiting a SQL statement that may be unknown to the attacker. Open-source applications and commercial applications delivered with source code are more vulnerable since an attacker can find potentially vulnerable statements prior to an attack.


CATEGORIES OF SQL INJECTION ATTACKS

There are four main categories of SQL Injection attacks against Oracle databases –

1.  SQL Manipulation
2.  Code Injection
3.  Function Call Injection
4.  Buffer Overflows

The first two categories, SQL manipulation and code injection, should be well known to the reader, as
these are the most commonly described attacks for all types of databases (including SQL Server,
MySQL, PostgreSQL, and Oracle).

SQL manipulation typically involves modifying the SQL statement through set operations (e.g.,
UNION) or altering the WHERE clause to return a different result.  Many documented SQL injection
attacks are of this type.  The most well known attack is to modify the WHERE clause of the user
authentication statement so the WHERE clause always results in TRUE.

Code injection is when an attacker inserts new SQL statements or database commands into the SQL
statement.  The classic code injection attack is to append a SQL Server EXECUTE command to the
vulnerable SQL statement.  Code injection only works when multiple SQL statements per database
request are supported.  SQL Server and PostgreSQL have this capability and it is sometimes possible
to inject multiple SQL statements with Oracle.  Oracle code injection vulnerabilities involve the
dynamic execution of SQL in PL/SQL.

The last two categories are more specific attacks against Oracle databases and are not well known or
documented.  In the vast majority of our application audits, we have found applications vulnerable to
these two types of attacks.

Function call injection is the insertion of Oracle database functions or custom functions into a
vulnerable SQL statement.  These function calls can be used to make operating system calls or
manipulate data in the database.

SQL injection of buffer overflows is a subset of function call injection.  In several commercial and
open-source databases, vulnerabilities exist in a few database functions that may result in a buffer
overflow.  Patches are available for most of these vulnerabilities, but many production databases
remain un-patched.

WHAT’S VULNERABLE

An application is vulnerable to SQL injection for only one reason – end user string input is not properly
validated and is passed to a dynamic SQL statement without any such validation.  The string input is
usually passed directly to the SQL statement.  However, the user input may be stored in the database
and later passed to a dynamic SQL statement, referred to as a second-order SQL injection.  Because
of the stateless nature of many web applications, it is common to write data to the database or store it
using some other means between web pages.  This indirect type of attack is much more complex and
often requires in-depth knowledge of the application.

WHAT’S NOT VULNERABLE

SQL Statements using bind variables are generally protected from SQL Injection as the Oracle
database will use the value of the bind variable exclusively and not interpret the contents of the
variable in any way.  PL/SQL and JDBC allow for bind variables.  Bind variables should be extensively
used for both security and performance reasons.  
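
The login and UNION manipulations shown earlier, run against dynamic SQL and against bind variables, as an added example that is not part of the original post. It assumes Python with an in-memory SQLite database standing in for Oracle; the function names, the sample rows and the use of the users table in place of dba_users are constructed for the demo.

```python
import sqlite3

def make_db():
    # Constructed sample data; an in-memory SQLite database stands in for Oracle.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('bob', 'mypassword'), ('alice', 's3cret');
        CREATE TABLE all_products (product_name TEXT);
        INSERT INTO all_products VALUES ('Office Chairs'), ('Desks');
    """)
    return db

def login_dynamic(db, username, password):
    # Dynamic SQL: the input strings become part of the statement text.
    sql = ("SELECT * FROM users WHERE username = '" + username
           + "' and PASSWORD = '" + password + "'")
    return len(db.execute(sql).fetchall())

def login_bound(db, username, password):
    # Bind variables: the statement text is fixed, the values travel separately.
    sql = "SELECT * FROM users WHERE username = ? and PASSWORD = ?"
    return len(db.execute(sql, (username, password)).fetchall())

def search_dynamic(db, term):
    sql = ("SELECT product_name FROM all_products "
           "WHERE product_name like '%" + term + "%'")
    return sorted(row[0] for row in db.execute(sql))

def search_bound(db, term):
    # The whole pattern, wildcards included, is passed as one bound value.
    sql = "SELECT product_name FROM all_products WHERE product_name like ?"
    return sorted(row[0] for row in db.execute(sql, ("%" + term + "%",)))

# The manipulated inputs from the page's two examples. The page's UNION reads
# Oracle's dba_users; this demo's own users table stands in for it.
LOGIN_INPUT = "wrong' or 'a' = 'a"
UNION_INPUT = "Chairs' UNION SELECT username FROM users WHERE username like '"

if __name__ == "__main__":
    db = make_db()
    print("dynamic login rows:", login_dynamic(db, "bob", LOGIN_INPUT))
    print("bound login rows:  ", login_bound(db, "bob", LOGIN_INPUT))
    print("dynamic search:", search_dynamic(db, UNION_INPUT))
    print("bound search:  ", search_bound(db, UNION_INPUT))
```

With bind variables the same strings are compared as plain values, so the login matches no row and the product search returns nothing.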


What Is SQL Injection ?


Most of the students ask me about SQL injection, so today I shall share some information about it. This concept is too wide, so here I show you the overview only.

Most application developers underestimate the risk of SQL injection attacks against applications that use Oracle as the back-end database. Our audits of custom web applications show many application developers do not fully understand the risk of SQL injection attacks and the simple techniques used to prevent such attacks.

This Blog is intended for application developers, database administrators, and application auditors to highlight the risk of SQL injection attacks and demonstrate why web applications may be vulnerable. It is not intended to be a tutorial on executing SQL attacks and does not provide instructions on executing these attacks.

SQL INJECTION OVERVIEW 


SQL injection is a basic attack used either to gain unauthorized access to a database or to retrieve information directly from the database. The basic principles underlying SQL injection are simple and these types of attacks are easy to execute and master.

Any program or application may be vulnerable to SQL injection including stored procedures executed with a direct database connection, Oracle Forms applications, web applications, etc. Numerous SQL injection vulnerabilities have been found in the standard Oracle Database packages such as DBMS_DATAPUMP, DBMS_REGISTRY, and DBMS_METADATA (see Oracle Critical Patch Update January 2006). Web applications are at highest risk to attack since often an attacker can exploit SQL injection vulnerabilities remotely without any database or application authentication.

Web applications using Oracle as a back-end database are more vulnerable to SQL injection attacks than most application developers think. Our application audits have found many web applications vulnerable to SQL injection even though well-established coding standards were in place during development of many of these applications. Function-based SQL injection attacks are of most concern, since these attacks do not require knowledge of the application and can be easily automated.


Fortunately, SQL injection attacks are easy to defend against with simple coding practices. However, every parameter passed to every dynamic SQL statement must be validated or bind variables must be used.

SQL INJECTION: ORACLE VERSUS OTHER DATABASES 


Oracle generally fares well against SQL injection attacks as there is no multiple SQL statement support (SQL Server and PostgreSQL), no EXECUTE statement (SQL Server), and no INTO OUTFILE function (MySQL) – all methods frequently used to exploit SQL injection vulnerabilities. In addition, the use of bind variables in Oracle environments for performance reasons provides the most effective protection against SQL injection attacks.

Oracle may have fewer attack vectors for SQL injection than other databases; however, Oracle-based applications without proper defenses against these types of attacks can still be vulnerable and can be easily exploited through SQL injection vulnerabilities.



How GPS Works



For those who are unfamiliar with the term, GPS stands for "Global Positioning System", and is a way of locating a receiver in three dimensional space anywhere on the Earth, and even in orbit about it.

To understand exactly why it is so useful and important, we should first look at how GPS works. More importantly, we should look at what technological achievements have driven the development of this fascinating positioning system.


This depends on basically three things:


(1) SIGNALS



In order for GPS to work, a network of satellites was placed into orbit around planet Earth, each broadcasting a specific signal, much like a normal radio signal. This signal can be received by a low cost, low technology aerial, even though the signal is very weak.

The signals that are broadcast by the satellites carry data that is passed from the aerial, decoded and used by the GPS software. The information is specific enough that the GPS software can identify the satellite, its location in space, and calculate the time that the signal took to travel from the satellite to the GPS receiver. Using different signals from different satellites, the GPS software is able to calculate the position of the receiver.

If you can identify three places on your map, take a bearing to where they are, and draw three lines on the map, then you will find out where you are on the map.

The lines will intersect, and, depending on the accuracy of the bearings, the triangle that they form where they intersect will approximate your position, within a margin of error.

The result of the “trilateration” (the term used when distances are used instead of bearings) of at least three satellites, assuming that the clocks are all synchronized, enables the software to calculate, within a margin of error, where the device is located in terms of its latitude (East-West) and longitude (North-South) and distance from the centre of the Earth.

(2) TIME AND CORRECTION


In a perfect world, the accuracy should be absolute, but there are many different factors which prevent this. Principally, it is impossible to ensure that the clocks are all synchronized.

Since the satellites each contain atomic clocks which are extremely accurate, and certainly accurate with respect to each other, we can assume that most of the problem lies with the clock inside the GPS unit itself.

A fourth satellite is used to provide a cross check in the trilateration process. Since trilateration from three signals should pinpoint the location exactly, adding a fourth will move that location; that is, it will not intersect with the calculated location. This indicates to the GPS software that there is a discrepancy, and so it performs an additional calculation to find a value that it can use to adjust all the signals so that the four lines intersect.

Usually, this is as simple as subtracting a second (for example) from each of the calculated travel times of the signals. Thus, the GPS software can also update its own internal clock, which means that not only do we have an accurate positioning device, but also an atomic clock in the palm of our hands.

(3) MAPPING

Knowing where the device is in space is one thing, but it is fairly useless information without something to compare it with. Thus, the mapping part of any GPS software is very important; it is how GPS works out possible routes, and allows the user to plan trips in advance.

In fact, it is often the mapping data which elevates the price of the GPS solution; it must be accurate and updated reasonably frequently. There are, however, several kinds of map, and each is intended for different users, with different needs.

Road users, for example, require that their mapping data contains accurate information about the road network in the region that they will be traveling in, but will not require detailed information about the lie of the land - they do not really worry about the height of hills and so forth.

Marine users need very specific information relating to the sea bed, navigable channels, and other pieces of maritime data that enable them to navigate safely. Of course, the sea itself is reasonably featureless, but underneath quite some detail is needed to be sure that the boat will not become grounded.

Special kinds of marine GPS, known as fishfinders, also combine several functions in one to help fishermen. A fishfinder comprises GPS and also sonar, along with advanced tracking functions and storage for various kinds of fishing and maritime information.





Know About GPS : GPS (Global Positioning System)


The Global Positioning System (GPS) is a space-based satellite-navigation system that provides location and time information in all weather, anywhere on or near the Earth, where there is an unobstructed line of sight to four or more GPS satellites. The GPS project was developed in 1973, and it is maintained by the United States government and is freely accessible to anyone with a GPS receiver. GPS was created and realized by the U.S. Department of Defense (DoD) and was originally run with 24 satellites. It became fully operational in 1994.

A GPS navigation system consists of a minimum of 3 satellites, and nowadays the number is 4, because the fourth one gives us the height of the observed point and the other three give the position on Earth or nearby. Anyone on Earth can use the GPS system through a GPS receiver. GPS provides a wide range of facilities and has a variety of applications. It was initially a military project but was later commercialized. Nowadays it has become very popular in civil and commercial usage.







How It Works

The orbiting satellites, presently 31 at an altitude of approximately 12,600 miles, transmit signals that allow a GPS receiver anywhere on Earth to calculate its own position through trilateration. A minimum of four GPS satellite signals are required to compute positions in three dimensions and the time offset in the receiver clock.

GPS advantages and disadvantages:





  •  Spatial and tabular data are collected simultaneously
  •  Signals available free of charge
  •  Position accuracy is superior to conventional methods (some are within sub-cm)
  •  Coordinate systems and reference datum can be easily changed in the field and in the processing software
  •  GIS conversion is simple
  •  The process is relatively time concise, easy, and FUN
  •  Requires training and retraining as technology changes
  •  Buildings or heavy foliage can block satellite signals
  •  Requires careful attention to system configuration and data collection standards and procedures


NTLDR missing for XP user.


NTLDR is missing
Press CTRL + ALT + DEL to restart


Sometimes we see this error about the NTLDR file missing.
No need to worry about this error; here I can show you the method to solve it.

The following are some basic steps ...

  1. Insert the Windows XP bootable CD into the computer.
  2. When prompted to press any key to boot from the CD, press any key.
  3. Once in the Windows XP setup menu press the "R" key to repair Windows.
  4. Log into your Windows installation by pressing the "1" key and pressing enter.
  5. You will then be prompted for your administrator password, enter that password.
  6. Copy the below two files to the root directory of the primary hard drive. In the below example we are copying these files from the CD-ROM drive letter, which in this case is "e." This letter may be different on your computer.

    copy e:\i386\ntldr c:\
    copy e:\i386\ntdetect.com c:\
  7. Once both of these files have been successfully copied, remove the CD from the computer and reboot.

Find the Person Behind an Email Address

Know the email address of someone but nothing more? Learn techniques to help you uncover the location and other details of the email sender.


You get an email from a person with whom you have never interacted before and therefore, before you reply to that message, you would like to know something more about him or her. How do you do this without directly asking the other person?
Web search engines are obviously the most popular place for performing reverse email lookups but if the person you’re trying to research doesn’t have a website or has never interacted with his email address on public forums before, Google will probably be of little help.
No worries, here are a few tips and online services that may still help you uncover the identity of that unknown email sender.

#1. Find the sender’s location


Open the header of the email message and look for lines that say “Received: from” followed by an IP address in square brackets. If there are multiple entries, use the IP address mentioned in the last entry.
Now paste the IP address in this trace route tool and you should get a fairly good idea about the location of the email sender.
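
The header step above as code, an added example that is not part of the original article: it lists the bracketed addresses in each “Received:” line and picks a candidate from the last entry. The message, addresses and function names are constructed for the demo; any Received line below the first mail server you trust is written by the sending side and can be forged, and private addresses such as 192.168.x.x say nothing about location.

```python
import email
import ipaddress
import re

# Constructed sample message; all addresses are documentation or private ranges.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTP id abc123; Tue, 2 Jan 2024 10:00:05 +0000
Received: from mail.example.com (mail.example.com [203.0.113.25])
\tby mx.example.net with ESMTP id def456; Tue, 2 Jan 2024 10:00:03 +0000
Received: from [192.168.1.20] (unknown [192.0.2.44])
\tby mail.example.com with ESMTPSA id ghi789; Tue, 2 Jan 2024 10:00:01 +0000
From: green_peas@example.com
Subject: hello

body
"""

# Ranges that never identify a location on the public internet.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKETED = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(raw):
    """Bracketed IPv4 addresses of each Received header, top to bottom."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        ips = []
        for text in BRACKETED.findall(value):
            try:
                ips.append(str(ipaddress.ip_address(text)))
            except ValueError:
                pass  # bracketed digits that are not a valid address
        hops.append(ips)
    return hops

def origin_candidate(raw):
    """First non-local address in the last Received entry, or None."""
    hops = received_hops(raw)
    if not hops:
        return None
    for text in hops[-1]:
        ip = ipaddress.ip_address(text)
        if not any(ip in net for net in LOCAL_NETS):
            return text
    return None

if __name__ == "__main__":
    print(received_hops(SAMPLE))
    print(origin_candidate(SAMPLE))
```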

#2. Reverse email search with Facebook

Facebook has 450 million users worldwide and there’s a high probability that the sender may also have a profile on Facebook.
Unlike LinkedIn and most other social networks, Facebook lets you search users by email address so that should make your job simpler. Just paste the email address of the sender into the Facebook search box and you’ll immediately know if a matching profile exists in the network.
If you are able to locate that person on Facebook, download his profile picture and then upload it to Google Images (click the camera icon in the search box). This acts as a reverse image search engine so you can locate his other social profiles where he may have used the same picture.

#3. Check all the other Social Networks
You can use a service like Knowem to quickly determine if a profile with a particular username exists in any of the social networks.
If the email address of the sender is something like green_peas@hotmail.com, there’s a probability that he or she may have created accounts on some other social network using the same alias “green_peas” – put that in knowem.com to confirm.

#4. People Search

Finally, if nothing works, you should try a people search service like Pipl and Spokeo – both services let you perform reverse email lookups but Spokeo has a more comprehensive database than Pipl.
Other than regular web documents, Spokeo also scans social networks and even the whois information of domain names to find any bit of information associated with an email address. However, some of the results returned by Spokeo are only available to subscribers.