A) SQL injection for website hacking
Step 1:
• Create database named ethck
• Create table login_detail
CREATE TABLE `login_detail`(
`user_name` varchar(50) NOT NULL,
`password` varchar(500) NOT NULL)
Insert into login_detail values(’system’,’manager’); Insert into login_detail values(’admin’,’admin’);
Insert into login_detail values(’student’,’1234’);
Code:
login.php
<?php
$uname = $_GET[‘user_name’];
$pass = $_GET[‘password’];
$username=‘root’;
$password=‘‘;
$conn=new mysqli($servername,$username,$password,’ethck’);
if($conn->connect_error)
{
die(“Connection Failed”.$conn->connect_error);
}
$sql=“SELECT * FROM login_detail WHERE user_name=‘$uname’ AND password=‘$pass’”;
$result=mysqli_query($conn,$sql);
$check=mysqli_fetch_array($result); if(isset($check))
{
header(“Location: index.html”);
}
else
{
echo ‘Login Failed’;
}
?>
<html>
<head>
<title>User Login</title>
<style>
body{width: 100vw; height: 100vh; display: flex; justify-content: center; align-items: center; flex-direction: column;}
form{width: 30%; height: 60%; box-shadow: 8px 8px 8px rgba(0,0,0,0.2),-2px -2px 8px rgba(0,0,0,0.2);display: flex; justify-content: space-evenly; align-items: center; flex-direction: column;}
.username{display: flex; justify-content: flex-start; align-items: flex-start; flex-direction: column}
.username:nth-child(4){flex-direction: row;} input[type=text],[type=password]{border: none; border-bottom: 2px solid
rgba(0,0,0,0.5); height: 32px; background: rgba(0,0,0,0.1)}
input[type=submit],[type=reset]{border: none; width: 100px; height: 32px; background: green; color: #fff; margin-left: 0.5rem; border-radius: 6px}
</style></head>
<body>
<form name=“FormUser” method=“get” action=“” align=“center”>
<h3 allign=“center”>Login</h3>
<div class=“username”>Username<input type=“text” name=“user_name”></div>
<div class=“username”>Password<input type=“password” name=“password”></div>
<div class=“username”>
<input type=“submit” name=“Submit” value=“Submit”>
<input type=“reset”>
</div></form>
</body>
</html>
Normal Login
Changes in Link
B) Session Hijacking
Perform session hijacking for the above login php program. What are the ways to prevent your data hacked by packet sniffers?
Solution:
• Using HTTPS, the secure version of HTTP will prevent packet sniffers from seeingthe traffic on the websites you are visiting.
• To make sure you are using HTTPS, check the upper left corner of your browser.
• Tunnel your connectivity to a virtual private network, or a VPN. A VPN encrypts the traffic being sent between your computer and the destination. This includes information being used on websites, services, and applications. A packet sniffer would only see encrypted data being sent to your VPN service provider.
Right click -> inspect -> document.cookie
Now PHPSESSID for Admin: PHPSESSID = hu6lfhr59mo646vteldh0gpkcg Next, delete the above session after it is recorded above.
Login as username=student and password =1234
Right click->inspect->document.cookie
Now PHPSESSID for vv=
PHPSESSID=r67idugnsqnegna8flmr9jp0h6
Now the admin is trying to hijack the session ofusername student
Click EditThisCookie
In the PHPSessID replace vv’s
PHPSESSID=r67idugnsqnegna8flmr9jp0h6
With Admin sessionid PHPSESSID=tgi4p6cspac1rn1gdgf4 n972i8