Avoiding SQL Injection in PHP - hacking technique

what is SQL Injection ?

stripslashes(), mysql_real_escape_string()

The above two methods are used to avoid SQL injection in PHP

Mysql_real_escape_string() - used to remove any escape characters or special symbols from a string

stripslashes() – to unquote a quoted string

Now let us try SQL injection..

Result of the above form

We are avoiding SQL Injection by trimming away the quotes and special characters from the vulnerable user inputs.

what is SQL Injection ?

SQL Injection in Detail - Hacking Technique

SQL Injection is a code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

SQL Injection Discovery Technique:

It  is not compulsory  for an attacker  to visit  the web pages using a browser  to  find  if SQL  injection  is possible on  the site. Generally attackers build a web crawler to collect All URLs available on each and every web page of the site. Web crawler is also used to insert illegal characters into the query string of a URL and check for any error result sent by the server.  If  the  server  sends  any  error message  as  a  result,  it  is  a  strong  positive Indication that the illegal special meta character will pass as a part of the SQL query, and hence  the  site  is  open  to  SQL  Injection  attack.  For example Microsoft Internet Information Server by default shows an ODBC error message if an any Meta character or Single quote is passed to SQL Server. The Web crawler only searches the response text for the ODBC messages.

Example for SQL Injection in Web Applications

1. Consider this form where we are authenticating a user with his username and password details

HTML Code for the form:

Output:

2. We are sending the username and password details to checklogin.php where we are comparing these details with database using SQL query.

3. Let us look at the structure of checklogin.php

In this file the statements 2 & 3 are for connecting to SQL and database named test.

The statements 4 and 5 for storing the two values of the form sent by login.php into two variable $user and $pass.

The statement 6 is SQL query for selecting a complete row from users table in the database with two column values user and pass equivalent to $user and $pass respectively.

Select * from users where user='$user' and pass='$pass';

mysql_query() returns true if query executes successfully else returns null

Table users in test database looks like this

How the login page works….

The login page seems to work properly but it is vulnerable to attacks.

The two variables $user and $pass in checklogin.php are the vulnerable components through which an hacker can attack your database

When you enter the password as ‘or ‘1’=’1 in most websites, there's a chance you can gain access.

How does it happen? Look at the code when we execute that query

SELECT * FROM users WHERE user = ‘admin’AND pass = ‘ ‘ or ‘1’=’1’

Through this the hacker is able to enter into any user’s profile and access any data.

He can even destroy, modify, and create tables in the entire database.

Consider this password field 'or'1'='1';DROP TABLE users

This input will delete users table if it exists. He can even modify and delete records from database.

Avoiding SQL Injection in PHP

10 Handy Commands of Ubuntu / LInux

1. killall < process name >
    To kill a process or application

2. sudo
    To gain super user or root user priveleges

3. wget
    To download files from server

4. mv 
    to move files from one location to other
    if the specified destination does not exist, the actual file will be renamed

5. rm
    to remove files

6. mkdir
    To create directory

7. cd
    To change directory

8. pwd
    To know present working directory

9. ps aux | sort -nrk 4 | head
    To know top 10 processes running sorted by memory occupied

10. ps
      To list all process

How To Use Windows Applications on Linux (Ubuntu / Fedora / CentOS/ openSUSE)

Linux is one of the popular OS among software developers, but it has grown to be more user friendly and now available to every users. It as all the tools that are available on a windows operating system. But one thing its behind is games. U can run windows games and other applications using following tools. But before doing so check if there is same version of it in Linux. If so use it as it is more stable.

These are some tools to use in Linux

1. WINE (most popular one)

WINE stands for "Wine Is Not An Emulator"

It provides a Windows compatibility layer for Linux which makes it possible to install, run and configure Windows applications or games.

You can install WINE by running following commands depending on your Linux distribution

Ubuntu, Debian, Mint

$sudo apt-get install wine

Fedora, CentOS

$sudo yum install wine

openSUSE

$sudo zypper install wine

After this, to install windows application use the following command

$wine <path to executable file or installer>

2. WINETRICKS

It provides a nice graphical interface to configure and run windows apps.

You can install WINETRICKS by running following commands depending on your Linux distribution

Ubuntu, Debian, Mint

$sudo apt-get install winetricks

Fedora, CentOS

$sudo yum install winetricks

openSUSE

$sudo zypper install winetricks

3. PLAY ON LINUX

It provides a nice graphical interface to configure and run windows apps. Personally I would recommend this tool.

You can install PLAY ON LINUX by running following commands depending on your Linux distribution

Ubuntu, Debian, Mint

$sudo apt-get install playonlinux

Fedora, CentOS

$sudo yum install playonlinux

openSUSE

$sudo zypper install playonlinux

Microsoft India all set to focus On Digitization

Microsoft held its Annual Media and Analyst conference in Hyderabad, their second largest campus in the world and the hot topic was Digital Transformation. Their main focus was on providing digital solutions for financial institutions, educational institutions, startups, workplaces and healthcare services in India.

Microsoft is collaborating with 13 state governments in providing the cloud infrastructure. For startups its going to support 5000 upstarts yearly. Apart from these its going to support 400 educational institutions in cloud services.  

Key to their growth in India is their partnerships in above investments. The company stressed on their recent collaboration with Ola cabs to create Ola Infotainment platform running on Microsoft Azure cloud to collect data from cars and then structure and analyse for customer and driver experience.

Ankit Bhati, Co-Founder of Ola said, “we really wanted to rethink the vehicle from a backseat point of you and make it a modern workplace. While our cars run on fuel, our business runs on data. That’s where the intelligent cloud and Microsoft Partnership comes in. Of course, we want to bring the entire productivity suite that Microsoft has and bring it into the car.”

Another major partnership is the ICICI bank - Lombard Insurance and the Chief  of Customer Service, Tech and Operations at ICICI, Girish Nayak shared how Microsoft’s Connected Car and telematics services help the insurance provider avoid hijackings of high-value insured goods during transportation.

The bank, in these cases, uses telematics devices in trucks to map journey time and other data of the trucks carrying the goods. This data is then monitored and analysed at a physical facility, using Microsoft’s tools.

In fact, ICICI Bank also sells two-wheeler and four-wheeler insurance through chat bots built using Microsoft’s AI. The bank’s bot sells around 300 policies per month, all without human intervention.

And at the end they announced that they are building a new larger facility in Hyderabad to grow its Garage initiate which brings Microsoft employees all over the world to collaborate on building new innovative solutions. This new facility is going to span over 400 sq. ft with latest equipment like 3D printers and prototyping tools for the employees.

Gate 2018 Syllabus For Computer Science - CSE & IT

Section 1: Engineering Mathematics

Discrete Mathematics: Propositional and first order logic. Sets, relations, functions, partial orders and lattices. Groups. Graphs: connectivity, matching, coloring. Combinatorics: counting, recurrence relations, generating functions.

Linear Algebra: Matrices, determinants, system of linear equations, eigenvalues and eigen vectors, LU decomposition.

Calculus: Limits, continuity and differentiability. Maxima and minima. Mean value theorem. Integration.

Probability: Random variables. Uniform, normal, exponential, poisson and binomial distributions. Mean, median, mode and standard deviation. Conditional probability and Bayes theorem.

Section 2: Digital Logic

Boolean algebra. Combinational and sequential circuits. Minimization. Number representations and computer arithmetic (fixed and floating point).

Section 3: Computer Organization and Architecture

Machine instructions and addressing modes. ALU, data‐path and control unit. Instruction pipelining. Memory hierarchy: cache, main memory and secondary storage; I/O interface (interrupt and DMA mode).

Section 4: Programming and Data Structures

Programming in C. Recursion. Arrays, stacks, queues, linked lists, trees, binary search trees, binary heaps, graphs.

Section 5: Algorithms

Searching, sorting, hashing. Asymptotic worst case time and space complexity. Algorithm design techniques: greedy, dynamic programming and divide‐and‐conquer. Graph search, minimum spanning trees, and shortest paths.

Section 6: Theory of Computation

Regular expressions and finite automata. Context-free grammars and push-down automata. Regular and contex-free languages, pumping lemma. Turing machines and undecidability.

Section 7: Compiler Design

Lexical analysis, parsing, syntax-directed translation. Runtime environments. Intermediate code generation.

Section 8: Operating System

Processes, threads, inter‐process communication, concurrency and synchronization. Deadlock. CPU scheduling. Memory management and virtual memory. File systems.

Section 9: Databases

ER‐model. Relational model: relational algebra, tuple calculus, SQL. Integrity constraints, normal forms. File organization, indexing (e.g., B and B+ trees). Transactions and concurrency control

Section 10: Computer Networks

Concept of layering. LAN technologies (Ethernet). Flow and error control techniques, switching. IPv4/IPv6, routers and routing algorithms (distance vector, link state). TCP/UDP and sockets, congestion control. Application layer protocols (DNS, SMTP, POP, FTP, HTTP). Basics of Wi-Fi. Network security: authentication, basics of public key and private key cryptography, digital signatures and certificates, firewalls.

Rs. 8,000 Cashback on Samsung Galaxy S8+, S8, Note 8 and many more via Paytm Mall

Guys get ready to avail this Christmas Carnival sale from December 8 to December 15. Do not waste any time and run to your nearest samsung stores to buy your favourite samsung galaxy phone upto a discount of Rs. 8000. Partnered with Paytm mall samsung is providing this amazing offer. So what are you waiting for guys.....? 

In order to avail the cashback, customers will have to visit the select Samsung outlets, scan the Paytm Mall QR code at the store, check product details and offers online and pay instantly. 

"This partnership will benefit millions of consumers and will help them get the best Samsung devices with most meaningful features at an even more attractive price," says Samsung India.

Sale Prices :
Galaxy Note 8 @ Rs 67,900 , 64GB storage model.
Galaxy S8 @ 53,900
Galaxy S8+ @Rs 58,900
Galaxy C9 @ Rs 29,900 
Galaxy C7 Pro starts @ Rs 24,900 
Galaxy S7 can be availed for as low as Rs 29,990

"Our partnership with Paytm Mall will make it easier for customers to buy Samsung smartphones at never-seen-before prices. This offer gives us an opportunity to give more value to our customers. We will continue to wow our customers with such offers. This partnership is also a great example of Samsung's 'Make for India' initiative in our distribution channels. We strongly believe in co-prosperity and this partnership gives us the perfect opportunity to work together with our trade partners on an unprecedented scale," Mr. Mohandeep Singh, Senior Vice President, Samsung India, said.

Introduction To Information Retrieval

Information Retrieval is process of finding documents that satisfies the information need from a large collection of documents.

The data in the documents can be unstructured ( like pure text files ) or structured (like the xml files or the relational database files).

Most of the data used by humans is structured. Even the documents are structured in the form of heading , body and footer.

The field of information retrieval also deals with filtering document collection as per requirement of the customer, clustering or grouping of documents as per the content and also classifying new documents automatically.

Information Retrieval systems are classified into three groups based on the scale at which they are being operated

•  Web Search 
• searching over billions of documents stored in millions of computers.
•  Personal
•  Operating systems search or email search like spam filtering etc.
•  Domain-specific
• searching only specific database like searching only organization data or database of articles etc

How to Install Prezi on Ubuntu (LInux)

Step 1:

First install Adobe Air.

You can see the instructions to install adobe air here

http://www.geekstuff4all.com/2016/10/how-to-install-adobe-air-on-ubuntulinux.html

Step 2:

Download the Prezi package here

http://cdn01.prezi.com/prezi/desktop/PreziDesktop_3.090.air

Step 3: 

Open Adobe-Air in your computer and it will prompt you to choose a package. 

Step 4: 

Select the downloaded “.air” package that you just downloaded and you are all set to install Prezi.

How to install Adobe Air on Ubuntu(LInux)

Simple Method:

step 1 : 

download shell from http://drive.noobslab.com/data/apps/AdobeAir/adobe-air.sh

(or)

sudo wget -O adobe-air.sh http://drive.noobslab.com/data/apps/AdobeAir/adobe-air.sh

step 2:

sudo chmod +x adobe-air.sh;sudo ./adobe-air.sh

Alternative Method:

Download http://airdownload.adobe.com/air/lin/download/2.6/AdobeAIRInstaller.bin

Make the .bin file executable

$ chmod a+x AdobeAIRInstaller.bin

Run the .bin file by executing following

$ ./AdobeAIRInstaller.bin

If you get a permission error and/or you're dealing with an installer that applies system-wide changes you might have to launch your application with root privileges

$ sudo ./AdobeAIRInstaller.bin

If you get error like /tmp/air.oinYTZ/setup: error while loading shared libraries: libgtk-x11-2.0.so.0: cannot open shared object file: No such file or directory, then running following commands

Install i386 libraries, that are required for successful installation and running of Adobe Air and air applications

$ sudo apt-get install libxt6:i386 libnspr4-0d:i386 libgtk2.0-0:i386 libstdc++6:i386 libnss3-1d:i386 lib32nss-mdns libxml2:i386 libxslt1.1:i386 libcanberra-gtk-module:i386 gtk2-engines-murrine:i386

Install libgnome-keyring0:i386 package.

$ sudo apt-get install libgnome-keyring0:i386

Create symlinks to gnome-keyring so Adobe Air could see it.

$ sudo ln -s /usr/lib/x86_64-linux-gnu/libgnome-keyring.so.0 /usr/lib/libgnome-keyring.so.0
$ sudo ln -s /usr/lib/x86_64-linux-gnu/libgnome-keyring.so.0.2.0 /usr/lib/libgnome-keyring.so.0.2.0

IP Addressing and Subnetting -- PART 1

Introduction To How Internet works

When a user(like you) requests the browser(process) for a website, it is converted into three major components i.e.,

1. Network ID (to identify a network in the internet)

2. Host ID (to identify a host in the network)

3. Process ID (to identify a process in the host machine)

These are used to direct your message request to the destination.

Here "geekstuff4all.com" url is converted into IP Address which is combination of two components (Network ID, Host ID).

Process ID is what is called Port Number.

Most of the port numbers are fixed for general services.

Web services use HTTP protocol according to which the default port no. for websites is 80

Some other services are FTP(21), SNDB(25) with fixed port numbers.

Functioning of Internet in Simple words...

When you make HTTP request to a website, a message packet is sent to DNS requesting for the IP Address of the website. 

After the IP address is received to the client, the actual HTTP request is sent into the internet. 

Based on Network ID in IP Address(destination) HTTP packet is routed to the specific Network.

A network contains many hosts (like a country contains many cities) and based on Host ID, the packet is routed to particular host.

A host contains many processes and based on process ID the packet finds the right process and the result of this process is now sent back to the source client which is displayed onto the browser as webpage.

What is IP Address...?

IP Address is like postal code to your computer or any other node/device in the network. It is used as address for communication in the Internet.

Why do we use name for Websites...?

Because it is very difficult to remember the IP Address.

How are Website names converted to IP Addresses...?

The DNS servers present at the ISP give you the IP Address to a website.