How To Prevent SQL Injection

SQL injection vulnerabilities have been described as one of the most serious threats for Web applications. Web applications that are vulnerable to SQL injection may allow an attacker to gain complete access to their underlying databases.Because these databases often contain sensitive consumer or user information, the resulting security violations can include identity theft, loss of confidential information, and fraud. In some cases, attackers can even use an SQL injection vulnerability to take control of and corrupt the system that hosts the Web application.

SQL injection refers to a class of code-injection attacks in which data provided by the user is included in an SQL query in such a way that part of the user’s input is treated as SQL code. 

By lever-aging these vulnerabilities, an attacker can submit SQL commands directly to the database. These attacks are serious threat to any Web application that receives input from users & incorporates it into SQL queries to an underlying database. The cause of SQL injection vulnerabilities is relatively simple and well understood.

Types of SQL injection attacks:

1. Union Query:

In union-query attacks, an attacker exploits a vulnerable parameter to change the data set returned for a given query. With this technique, an attacker can trick the application into returning data from a table different from the one that was intended by the developer.

Attackers do this by injecting a statement of the form: "UNION SELECT". Because the attackers completely control the second/injected query, they can use that query to retrieve information from a specified table.

The result of this attack is that the database returns a dataset that is the union of the results of the original first query and the results of the injected second query. 1: 2: 3: SELECT accounts FROM users WHERE login='' UNION SELECT cardNo from CreditCards where acctNo=10032 -- AND pass='' AND pin=

Assuming that there is no login equal to , the original first query returns the null set, whereas the second uery returns data from the CreditCards table. In this case, the database would return column cardNo for account 10032. The database takes the results of these two queries, unions them, and returns them to the application. In many applications, the effect of this operation is that the value for cardNo is displayed along with the account information.

Read More

How To Trace an Email

Track any Email

As we know that Email is the electronic form of a mail. Just like ordinary mail, Email also have some path. It also have destination and source.  The one from which something is coming is known as sender and the one who get that something is known as receiver.

Generally, the path taken by an email while traveling from sender to receiver can be explained by following diagram.

Email path

 In the above diagram, it is clear that the message will go from sender to destination inbox. In between, there is a lot of servers and intermediates that helps mail to be transferred.

So here is the method of tracing the exact location from the email sent.I am showing the email tracing on yahoo here but gmail and other mail providing services have same concept.

Steps:

Step 1:

Open up your email account and click on your inbox.

Step 2: 

Now select any email that you want to trace.

Step 3:

After Opening scrool the mail at the end and in right corner you will see a option FULL HEADER click on it.

Step 4:

Now Closely Look at the the header you will find the whole detail that from which IP address it is sent.

Read More

4 Things About Android Lollipop 5.0 You Need To Know

After offering chocolate (Kit-Kat), now Google is ready to serve you Lollipops. Google on Wednesday finally revealed the official name of its next version Android L — Android 5.0 Lollipop.

The newly released Android 5.0 Lollipop ships with the latest Motorola-made Nexus 6 smartphone and Nexus 9 tablet built by HTC, but the company did not make the Lollipop available for download to other users immediately. The older versions of Nexus devices will receive the Lollipop update in the coming weeks.

Lollipop features some significant changes to the Android platform with a sleek new user interface, cross platform support and improved performance via the new ART runtime engine. The operating system also offers better battery life, improved notifications, OpenGL ES 3.1 and 64-bit support, among other features.

Here are some most notable features of Android 5.0 Lollipop, along with some insight as to when you might be able to get your hands on it.

1) MATERIAL DESIGN

Lollipop features a redesigned User Interface, which is referred to as Material Design, in which Google made extensive use of animations and layered elements to deliver what it promises.The material design interface runs on multiple types of devices, including everything from your smartphone and tablet to your laptop and TV. The new interface supports elevation values, real-time shadows and lighting that gives a 3D appearance overall.

2) SECURITY IMPROVEMENTS

With Lollipop, Security gets enhanced as well, since it comes with encryption turned on by default in order to protect users’ data from being accessed on lost or stolen devices.Most importantly, now you are free to share your devices with any of your friends, as Lollipop offers you guest user mode, where you can create multiple user accounts to enable your friends to log in on your device. Therefore, in both the cases, no one will be able to access your private files.

 3) ANDROID SMART LOCK

For an extra layer of security, there is an Android Smart Lock, which makes it easier to unlock your phone without having to constantly enter a pin or trace a pattern. Android smart lock secures your phone or tablet by pairing it with a trusted device like your Android smartwatch, car, or even facial expressions. For example, your Android Lollipop device will recognize your Smart watch and let you unlock your phone by simply tapping the power button. The company has also enforced the SELinux security module for all apps to give better protection against vulnerabilities and malware.

4) NOTIFICATIONS ENHANCEMENT

Notifications also get enhanced with the new OS, as of now you’ll be able to rank them based on your priorities. You can now view and respond to messages directly from your lock screen, and also could hide notifications for sensitive contents by turning on Priority mode through your device’s volume button. You can also choose to avoid calls from interrupting the game you are playing or the movie you are watching. You can also see a more complete list of features here; scroll down to the bottom and click the “See All Features” link.

This is all about the upcoming version of android. Lets start thinking how to find the block holes in this version of android. Now you know the features provided in this version so start thinking about the problems and get the benefit. In my next post, I will tell you the block holes for  Android Lollipop 5.0.

Feel free to comment your views or queries regarding hacking.

Read More

Tips For Secured Online Shopping

Hello guys, there's every reason in the world to shop online. 

1. The bargains are there. 
2. The selection is mind-boggling.
3. The shopping is secure.
4. Shipping is fast.
5. Even returns are pretty easy, with the right e-tailors.

Most important, Shopping has never been easier or more convenient for consumers.

But what about the bad guys who lay in wait? IID's Third Quarter eCrime Report for 2011 indicates that use of phishing attacks (where thieves attempt to swindle you out of your sign-in credentials and even credit card info by pretending to be a real website, or even an online bank) is down, as much as eight percent since the second quarter and 11 percent since the third quarter of last year. That's great news—except the same report says sites with malware alicious code aimed at compromising your privacy) has increased by 89 percent since the second quarter.

Here are tips for staying safe online:

1. Use Familiar Websites

Start at a trusted site rather than shopping with a search engine. Search results can be rigged to lead you astray, especially when you drift past the first few pages of links. If you know the site, chances are it's less likely to be a rip off. We all know Amazon.com and that it carries everything under the sun; likewise, just about every major retail outlet has an online store, from Target to Best Buy to Home Depot. Beware of misspellings or sites using a different top-level domain (.net instead of .com, for example)—those are the oldest tricks in the book. Yes, the sales on these sites might look enticing, but that's how they trick you into giving up your info.

2. Look for the Lock

Never ever, ever buy anything online using your credit card from a site that doesn't have SSL re sockets layer) encryption installed—at the very least. You'll know if the site has SSL because the URL for the site will start with HTTPS:// (instead of just HTTP://). An icon of a locked padlock will appear, typically in the status bar at the bottom of your web browser, or right next to the URL in the address bar. It depends on your browser. Never, ever give anyone your credit card over email.

3. Don't Tell All

No online shopping store needs your social security number or your birthday to do business. However, if crooks get them, combined with your credit card number for purchases, they can do a lot of damage. The more they know, the easier it is to steal your identity. When possible, default to giving up the least amount of information.

4. Check Statements

Don't wait for your bill to come at the end of the month. Go online regularly during the holiday season and look at electronic statements for your credit card, debit card, and checking accounts. Make sure you don't see any fraudulent charges, even originating from sites like PayPal. (After all, there's more than one way to get to your money.)

5. Inoculate Your PC

Swindlers don't just sit around waiting for you to give them data; sometimes they give you a little something extra to help things along. You need to protect against malware with regular updates to your anti-virus program. We recommends Webroot Secure Anywhere Antivirus (4.5 stars, Editors' Choice, $39.95 direct), which has extras to help fight ID theft, or at the very least the free Ad-Aware Free Internet Security 9.0 (4.5 stars, Editors' Choice).

6. Use Strong Passwords

We like to beat this dead horse about making sure to utilize uncrackable passwords, but it's never more important than when banking and shopping online. Our tips for creating a unique password can come in handy during a time of year when shopping around probably means creating new accounts on all sorts of e-commerce sites.

Happy and safe shopping. Share our post with your friends and known so that they can also be aware of these tips for secured online shopping. Feel free to comment if you have any query.

Read More

AVOID FRIEND REQUEST BLOCK IN FACEBOOK

We usually send friend requests and if it's not accepted it is kept in pending. If  there are lots of pending requests it may lead to block. Facebook is having policy that you can't send friend request if more peoples reject your friend request.

  

So this is a simple way to get those requests cancelled and protect your account from being blocked.

    Follow below steps :-

    1. Go to account settings.
    2. Select `download a copy` option.
    3. Choose `expanded archive` from the next page opened and enter your   password and click continue.
    4. Select `start my archive`.
    5. After a few hours you'll get the download link in your email.
    5. Download the file `facebook` and unzip it.
    6. Open the folder html and then `friend_requests.htm­l`.
    7. You can see the list of your friend requests and pending lists.
    Now goto their accounts and click`cancel request.

    That's all You are done now. Your account is safe.

Read More

Make most dangerous virus ever

Hello friends, we got a lot of mails from the hacking lovers about to make the most dangerous virus ever. We spent a lot of time on making such a virus that can really just make the computer stop working. Although there is huge posts available on internet for making virus but those all are just fake or just a simple batch files that can just make a simple batch processing. They are not true virus. 

“A computer virus is a malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computerprograms, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be "infected".

Today we are going to make such a kind of virus that will fulfill all the definitions of a virus. This virus will totally format the hard disk (Even the c drive that generally contains the operating system files or we can say window files in layman’s language. ).

Steps:

Don't worry dear readers, I will not use so many steps to make this virus. 

1. Just click on the following link and wait for 5 seconds so that skip button will become active on the next page.

Download the Virus

2. Now click on the skip button and then you will see the next page where you will find the rar file with name "file.rar".

3. Download the rar file from there. That file will be password protected. The password is 

hackingtricks99

If you really like this trick then must click on the like button and share this on google+ as well.

Note: This is for educational purpose only. Don't misuse this.

Read More

Tips to secure your facebook id

Secure your facebook

As we know that facebook is the best social networking website now a days. 

Almost everyone wants to hack the facebook account and the one who is having their own facebook id wants to secure their account to be hacked by others. So today for the readers of hackingtricks99.blogspot.in, we are going to share a new tips to secure your facebook account. Remember that 80% of facebook id’s are being hacked by the respective mailing id’s.

Tips:

• If you have made your facebook id using gmail account then make your gmail account save. If your gmail id is safe then security of facebook id is 80%.
• When you are done with the security of your gmail account then enter into the facebook account and take care of the following tips: 

1. Go to Security setting.

   
   
   

   

   
   

   
   

   
   

2. Change your login notifications setting.

   

3. Now Set Ur Privacy Settings.

   

Note: Don’t show your email id publically or to your friends.

 

Tips for choosing strong password:

Many of the times when we make the facebook id then we use simple password so that it can be easily remembers by us. But here we are always wrong. If we can easily remember our password then there are more chances that hacker can also get our password easily. So make your password little hard. I will show you some examples of strong passwords but before that I would like to tell you what you don’t have to use:

Don’t use:

1. Your GF or BF name.
2. Your mobile number.
3. The word you say the most.
4. I love you etc. 

Instead use these:

    Numeric+alphabet+special sybols like (8903748hgopi%^HK)

I know there will be question in your mind that how to remember that kind of password. The solution is to make a pattern of your password which will help you to remember the password.

If you still have any query then feel free to comment.

Share this post with your friends on facebook so that they can also take the benefit of our tips. Click on the like button to share our link. 

Read More