Thursday, 25 December 2014

How can i earn online?

                                  How can we earn online ?

hi friends hope you are fine and enjoying your life.
now i am going to start my trick about how can we earn online and which PTC(Pay per click) site is really paying and its not scam 
friends i am also searching alot of site and i was also waste alot of money in ptc site finally i got some good trust able site in this scam word mostly ptc site are fake and just scam so do not waste you money just visit this site and start earning with it its admins do not ask u for invest first then we should send you your payment you can buy pattner ship from your account on which you are working but with investment this work slowly but its work okay these are the some site in following but on 1st point i am working on this site and it is paying since 2009 soo i recommend you to chose this okay

Monday, 22 December 2014

Free Viewer (All Document Editor/Viewer,All Image Editor/Viewer,All Video/Audio Player)

        Free Viewer (All Document Editor/Viewer,All Image Editor/Viewer,All Video/Audio Player)

Aslam o alykm ,

HI, 
friends Hope you are fine and enjoying your life remaining days with your kids friends mom and dad and wife and all Peoples
lets start the information and software reviews ,
Now am gonna ask you about my new software research its a good software and easy to use this is not only software its an image editor also.
If Microsoft office is not installed in your computer then you do not need it because this software can easily open office files from this software you can change any file formate you can convert it in many forms like RAR ZIP IMAGE H|JPG BIMP PNG GIF .DOC .EXE etc you can do it easily and now you do not need any other software to listen music or open any other file which's software cant installed in your computer at that time when you need it.

You can know more about it after seeing screen shots 

                 File Formats

3GP7zAMRARWASP
ASPXAVIBATBMPC
CF2CFGCR2CRWCS
CSSCSVDEBDNGDOC
DOCXDOTDOTXEMLERF
FLACFLVGIFGZHTM
HTMLICAICOINIJAR
JAVAJPEGJPGJSJSP
KMLLOGMEFMIDMKV
MOVMP3MP4MPEGMPG
MRWMSGNEFODTORF
PAGESPDFPEFPHPPNG
PPSPPTPPTXPSDQIF
RAFRARRAWREGRESX
RTFSQLSR2SRTSVG
SWFTARTGZTIFTIFF
TORRENTTXTVBVCFWAV
WMVWPSX3FXFDLXLS
XLSMXLSXXMLXPIXPS
ZIP


                                                CLICK HERE TO DOWNLOAD SOFTWARE

Now Check Your Device Is Orignal or not (ONLY FOR SAMSUNG)

Now Check Your  Device Is Orignal or not (ONLY FOR SAMSUNG)

Asalam o alykum,

HI friends
 Hope you are fine and enjoying your life with your family and friends.
Now lets Start TRick
So much peoples wants to know about his/her mobiles are original or not. if yes its orignal then how ? If not then also how ? 
So much questions are in his/her minds so today i am gona clear these questions so lets start the trick 
Follow the instructioms carefully okay 


                                                       
Phone INFO+ ★Samsung★

Updated
July 28, 2014

Size
319k

Installs
500 - 1,000

Current Version
1.9.0

Requires Android
1.6 and up
Now Lets see The screen shots


Good Bye Friends Hope This My little TRick Answered your all Questions
Remember me in your Good Prayers 

Now Download and Watch Youtube Vedios on your Mobile


Hope you are fine and enjoying your life.
Now am going to share that site which is like YouTube which videos  you was search on YouTube now you can search those videos there and you can able to download and watch tht vedio whch was search on it. Espasically this trick working in Pakistan because due to some rules break Pakistani Governament Block youtube here so Pakistani users and other country users can easily download and watch youtube vedios and easily download these .

Now you can download any  format vedioes from here
IN Mp3 
IN 3gp IN 3gp High QualityIN 3gp Low QualityIN mp4 Low QualityIN mp4 High quality (HD)IN mp3  Good Bitrates
so enjoy


                Click Here For Visiting Web Site 
   
Stay connect with readtricks share ths on face book twitter and google+ 

Telenor ki aur free service or sath sath free 500 ka jetne ka moka

  dosto kese ho sb  thek thak ho ge to dosto abi 6363 dial kren or free service se lutf andoz ho or sawalo ke jawabat de kr 500 ka balance jetne ka moka paen.

Sunday, 21 December 2014

Who is using my Wifi?

Hi
Friends hope you are fine and enjoying your life.
Lets start trick
i am going to gave you one software which help you to stop other user which are using your wifi
see in pics
here is the Toutorial
you can block them easily





                                    Click Here To DOwnload WHOIS ON MY WIFI

Mobilink monthly offer

MAHANA OFFER Ab Mobilink numbers per calls keren bilkul MUFT. Offer k liye 29 Dec tak *828# mila ker sirf Rs.150+T main 30 din k liye 1500 Mobilink mins payen

Wednesday, 17 December 2014

SQL Injections (toutorial)

                           SQL Injections

SQL stands for structured query language. It is a language that is used by a website to communicate with the database. The main SQL functions are simple and can be learned very quickly. For example the code 


                                      SELECT * FROM users WHERE name = ‘username’


Will select anyone in the database that has the name ‘username’. The SQL commands are usually entered in capital letters. 

PHP pages (like these) can have SQL commands built into them. However, sometimes the SQL built into them can be manipulated using SQL injections.

                                         How to do this?

Lets start with a very simple SQL injection. Say there is a table called "users" that has a field in it called UserID. Now there is a script on the site that lets you enter the UserID and the SQL will fetch the information about the person who owns the UserID. The SQL for it is as follows:  
                           
                                         SELECT * FROM `users` WHERE UserID= $ID    
     
The * means select all that match that ID. $ID is the ID that you enter into a text box on the site. Now say instead of entering a number, you enter the word UserID. This will make the SQL perform the following query:    

                                       SELECT * FROM `users` WHERE UserID= UserID

This is just like doing a 1=1 SQL injection. The UserID is always equal to itself. So the result of the SQL query would be the page showing you the user details of every single person registered to that site.

In simple terms, what you enter becomes part of the SQL query – meaning that you can type SQL commands into the site and these commands will be added to the actual SQL query.


Now lets try another SQL query. This is one of the most commonly used SQL injections that are tried on sites. If there is a login box asking for a username and password on the site (my one is protected) the username and password will be compared to all usernames and passwords stored in the database. Say the SQL is this:

                                     SELECT * FROM users WHERE username = $username;

                                    SELECT * FROM users WHERE password = $password;
$username and $password again being the usernames and passwords entered into the PHP form. Now if the following details were to be entered into the username and password boxes: 

'Username' or 1=1 

'Password' or 1=1 

The resulting SQL query is:
                             
                                            SELECT * FROM users WHERE username = 'Username' or 1=1

                                           SELECT * FROM users WHERE password = 'Password' or 1=1;

This tricks the site using the 1=1 statement at the end. There is no field called ‘1’ in the database so its basically saying if 1=1 which it always does. So the result of this SQL injection is usually the attacker being logged in as the first username on the list, which in most cases is the admin. This gives you full admin control over the site. 
String terminator

In SQL, a double dash (--)  signifies the end of the string. Adding a double dash to the end of your SQL injection basically makes anything after it a comment, thus making the webpage ignore it.

This is useful for making the server ignore the final quotation mark at the end of an SQL command. E.g. if the SQL looked like this:
SELECT * FROM `users` WHERE username=' $_POST['uname']';
(POST is the PHP command to get information from a form) entering the command above but with a double dash will solve this problem. The SQL statement would now look like this: 

SELECT * FROM `users` WHERE username=' ' or 1=1--';
because of the double dash at the end, the '; gets ignored making the query valid and again 1 is always equal to 1 so it will select the first username in the database, which is usually the Admin
The Drop / Create Commands
    The DROP command isn't really recommended. This is another method of deleting. This command can be used to delete a whole database if the SQL isn't properly sanitized. for example entering the command:

a'; DROP TABLE `users`; -- 

Into a username/password box will search the database for the username/password a then delete the whole database afterwards. However this is very malicious and usually doesn't benefit you in any way. 

The create command as predicted will create a new table in the database. For example
a'; CREATE TABLE `hello`; -- 

will create a new table in the database called hello, again though this has no use.

 
                        Shutdown

This command is also a very malicious command, some SQL servers have this command running and when the correct command is entered, it will cause the system to shutdown, taking the whole site offline temporarily. This is rarely ever successful, but for example if you entered the username:
'; shutdown with nowait; --
and left the password field when you tried to login the system would shutdown immediately.

 

                                   Wild cards




To make the chance of guessing a username or password even higher, there is also wildcards. The most popular is a % sign. This when going with a LIKE statement makes things a lot easier.

For example, does the admin's password have an 'm' in it?

 

SELECT * FROM users WHERE name='Admin' AND password LIKE '%m%'
does it start with m?

SELECT * FROM users WHERE name='Admin' AND password LIKE 'm%'
does it begin mo?
SELECT * FROM users WHERE name='Admin' AND password LIKE '%m %o%'
is the third letter an e?

SELECT * FROM users WHERE name='Admin' AND password LIKE '__e%'
This is used with the "Exists" command.



                     Finding out Info



If you don't know anything at all about the structure of the database, These 2 commands should help. For example, say you don't know the name of the database, This command will check if the name of the database contains the letter 't'
' OR EXISTS(SELECT 1 FROM dual WHERE database() LIKE '%t%') AND ''='
This will help get the database name, once you have accomplished this you will need to know the table names inside the database, To check this you use the following command: (checks if there is a table called 'users' in the database)
' OR EXISTS(SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='test' AND TABLE_NAME='users') AND ''='
Hopefully showing a positive result.
 

                             Magic Quotes




Because of the problems SQL injections can produce, A lot of sites use magic quotes. These simply add a backslash (\) to all quotation marks (‘ ") entered into the form making the SQL invalid. It can sometimes be hard to tell if a site is using magic quotes or not so try the SQL and see.

 

This is just the start of basic SQL injections. The combination of possible SQL injections to try is endless For more, check out
 Wikipedias article and research for further, for example ALTER and UNION commands. Learning SQL would also benefit you.

SQL Injection: What is it?

SQL Injection: What is it?


SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application layer attack techniques used today. It is the type of attack that takes advantage of improper coding of your web applications that allows hacker to inject SQL commands into say a login form to allow them to gain access to the data held within your database.

in essence, SQL Injection arises because the fields available for user input allow SQL statements to pass through and query the database directly.

SQL Injection: An In-depth Explanation

Web applications allow legitimate website visitors to submit and retrieve data to/from a database over the Internet using their preferred web browser. Databases are central to modern websites – they store data needed for websites to deliver specific content to visitors and render information to customers, suppliers, employees and a host of stakeholders. User credentials, financial and payment information, company statistics may all be resident within a database and accessed by legitimate users through off-the-shelf and custom web applications. Web applications and databases allow you to regularly run your business.

SQL Injection is the hacking technique which attempts to pass SQL commands (statements) through a web application for execution by the backend database. If not sanitized properly, web applications may result in SQL Injection attacks that allow hackers to view information from the database and/or even wipe it out.

Such features as login pages, support and product request forms, feedback forms, search pages, shopping carts and the general delivery of dynamic content, shape modern websites and provide businesses with the means necessary to communicate with prospects and customers. These website features are all examples of web applications which may be either purchased off-the-shelf or developed as bespoke programs.

Such features as login pages, support and product request forms, feedback forms, search pages, shopping carts and the general delivery of dynamic content, shape modern websites and provide businesses with the means necessary to communicate with prospects and customers. These website features are all examples of web applications which may be either purchased off-the-shelf or developed as bespoke programs.

These website features are all susceptible to SQL Injection attacks which arise because the fields available for user input allow SQL statements to pass through and query the database directly.

SQL Injection: A Simple Example


Take a simple login page where a legitimate user would enter his username and password combination to enter a secure area to view his personal details or upload his comments in a forum.

When the legitimate user submits his details, an SQL query is generated from these details and submitted to the database for verification. If valid, the user is allowed access. In other words, the web application that controls the login page will communicate with the database through a series of planned commands so as to verify the username and password combination. On verification, the legitimate user is granted appropriate access.

Through SQL Injection, the hacker may input specifically crafted SQL commands with the intent of bypassing the login form barrier and seeing what lies behind it. This is only possible if the inputs are not properly sanitised (i.e., made invulnerable) and sent directly with the SQL query to the database. SQL Injection vulnerabilities provide the means for a hacker to communicate directly to the database.

The technologies vulnerable to this attack are dynamic script languages including ASP, ASP.NET, PHP, JSP, and CGI. All an attacker needs to perform an SQL Injection hacking attack is a web browser, knowledge of SQL queries and creative guess work to important table and field names. The sheer simplicity of SQL Injection has fuelled its popularity.

Why is it possible to pass SQL queries directly to a database that is hidden behind a firewall and any other security mechanism?

Firewalls and similar intrusion detection mechanisms provide little or no defense against full-scale SQL Injection web attacks.

Since your website needs to be public, security mechanisms will allow public web traffic to communicate with your web application/s (generally over port 80/443). The web application has open access to the database in order to return (update) the requested (changed) information.

In SQL Injection, the hacker uses SQL queries and creativity to get to the database of sensitive corporate data through the web application.
QL or Structured Query Language is the computer language that allows you to store, manipulate, and retrieve data stored in a relational database (or a collection of tables which organise and structure data). SQL is, in fact, the only way that a web application (and users) can interact with the database. Examples of relational databases include Oracle, Microsoft Access, MS SQL Server, MySQL, and Filemaker Pro, all of which use SQL as their basic building blocks.

QL commands include SELECTINSERTDELETE and DROPDROP is as ominous as it sounds and in fact will eliminate the table with a particular name.
In the legitimate scenario of the login page example above, the SQL commands planned for the web application may look like the following.

SELECT count(*)
FROM users_list_table WHERE username=’FIELD_USERNAME’ AND password=’FIELD_PASSWORD” "


In plain English, this SQL command (from the web application) instructs the database to match the username and password input by the legitimate user to the combination it has already stored.
Each type of web application is hard coded with specific SQL queries that it will execute when performing its legitimate functions and communicating with the database. If any input field of the web application is not properly sanitised, a hacker may inject additional SQL commands that broaden the range of SQL commands the web application will execute, thus going beyond the original intended design and function.
A hacker will thus have a clear channel of communication (or, in layman terms, a tunnel) to the database irrespective of all the intrusion detection systems and network security equipment installed before the physical database server.

Is my database at risk to SQL Injection?

SQL Injection is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against SQL Injection, there are a large number of web applications that remain vulnerable.
According to the Web Application Security Consortium (WASC) 9% of the total hacking incidents reported in the media until 27th July 2006 were due to SQL Injection. More recent data from our own research shows that about 50% of the websites we have scanned this year are susceptible to SQL Injection vulnerabilities.
It may be difficult to answer the question whether your web site and web applications are vulnerable to SQL Injection especially if you are not a programmer or you are not the person who has coded your web applications.
Our experience leads us to believe that there is a significant chance that your data is already at risk from SQL Injection.
Whether an attacker is able to see the data stored on the database or not, really depends on how your website is coded to display the results of the queries sent. What is certain is that the attacker will be able to execute arbitrary SQL Commands on the vulnerable system, either to compromise it or else to obtain information.
If improperly coded, then you run the risk of having your customer and company data compromised.
What an attacker gains access to also depends on the level of security set by the database. The database could be set to restrict to certain commands only. A read access normally is enabled for use by web application back ends.
Even if an attacker is not able to modify the system, he would still be able to read valuable information.

What is the impact of SQL Injection?

Once an attacker realizes that a system is vulnerable to SQL Injection, he is able to inject SQL Query / Commands through an input form field. This is equivalent to handing the attacker your database and allowing him to execute any SQL command including DROP to the database.
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to manipulate existing queries, toUNION (used to select related information from two tables) arbitrary data, use sub-selects, or append additional queries.
In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system. Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can obtain access to these procedures, it could spell disaster.
Unfortunately the impact of SQL Injection is only uncovered when the theft is discovered. Data is being unwittingly stolen through various hack attacks all the time. The more expert of hackers rarely get caught.

Example of an SQL Injection Attack

Here is a sample basic HTML form with two inputs, login and password.

<form method="post" action="http://testasp.vulnweb.com/login.asp">
<input name="tfUName" type="text" id="tfUName"> <input name="tfUPass" type="password" id="tfUPass"> </form> "

The easiest way for the login.php to work is by building a database query that looks like the following.

SELECT id FROM logins WHERE username = '$username' AND password = '$password’

If the variables $username and $password are requested directly from the user’s input, this can easily be compromised. Suppose that we gave Joe as a username and that the following string was provided as a password: anything' OR 'x'='x

SELECT id FROM logins WHERE username = 'Joe' AND password = 'anything' OR 'x'='x'

As the inputs of the web application are not properly sanitised, the use of the single quotes has turned the WHERE SQL command into a two-component clause.
The 'x'='x' part guarantees to be true regardless of what the first part contains.
This will allow the attacker to bypass the login form without actually knowing a valid username/password combination.

How do I prevent SQL Injection attacks?

Firewalls and similar intrusion detection mechanisms provide little defense against full-scale web attacks. Since your website needs to be public, security mechanisms will allow public web traffic to communicate with your databases servers through web applications. Isn’t this what they have been designed to do?
Patching your servers, databases, programming languages and operating systems is critical but will in no way the best way to prevent SQL Injection Attacks.