HP is Extending the Mission-critical Umbrella to Meet SMB Requirements: Director-BCS, HP


For the new generation of systems, we have designed x86-based servers with the same design concepts like the super dome and Integrity servers, and given them the attributes of scalability, reliability, and uptime. Santanu Ghose, Director, Business Critical Systems




Santanu Ghose, director, Business Critical Systems, HP India, spoke to us about the changing industry landscape, how HP is catering to the needs of large enterprises and SMBs, and the effects of the Oracle-HP lawsuit, in India.






Could you elaborate on the single unified architecture planned for x86 and Itanium processors?


IT has become the backbone for practically all businesses, be it small or large, or be it in the SMB, commercial or corporate segment. A lot of businesses that started with the x86 kind of environment—with Linux or Unix—are feeling the heat because they see that their applications cannot go down any further as their businesses are dependent on that. They are also seeing that their businesses are growing fast, and therefore, their IT systems should be scalable in order to grow with the business without choking. As the complexity of the handheld devices that access apps increases, the apps also need to respond faster and be highly available.
These are the challenges that some customers in the lower end of the segment—such as commercial SMB companies—are facing. Many high end large corporate customers have their mission-critical apps running on our HP UX platforms, HP OpenView platforms or the fault-tolerant NonStop Platform, and they have enjoyed very high availability and scalability and response times. But they are also seeing that IT costs are also an issue, and as their businesses are growing faster, a lot of their apps, which we call peripheral and support apps, are becoming critical. This is the dynamics of the market: While some of the organizations at the lower end of the market are going to the high end, some of the high end customers want their Linux and Windows apps to be supported the way mission-critical ones are.

What has HP done to address this need?


With this contrast between the needs of large enterprise customers and SMBs in mind, HP has looked at how Windows and Linux-based apps on x86 can be brought into the mission-critical portfolio. For the new generation of systems, we have designed x86-based servers with the same design concepts like the super dome and Integrity servers, and given them attributes and traits of a very high end system in terms of scalability, reliability, and uptime. The design concepts are same, but the processors could be different, depending on what apps are supported on them. The basic design philosophy, however, remains the same. This project is named 'Odyssey' and the underlying mission of this project is to encompass x86-based Linux and Windows-based apps into the domain of “mission-critical”. So with that, we are extending the umbrella of mission-critical to x86 and Linux and Windows environment.

Could it be said that you are opting for this modularity scheme because of the waning popularity of Itanium processors?


There will be no decline of customers for these processors. I have not seen any customer going away from Itanium; they stick to it. You might probably be referring to the revenue for the Unix systems or the Risc/Epic category may have come down. But the reason for that is completely different: Every year, the Unix and the Risc/Epic category systems deliver a system that is more efficient than those of the previous years—they become 2 or 3x more efficient in terms of price performance. So customers are doing more with less money. They are spending less money, but are able to scale up and meet their business requirements. This is more of a contribution from technology than anything else. That is why you see a revenue decrease for Unix, but it does not mean that the customers are going away. Some of the mission-critical apps which were used at the customers’ side are very much there. Also, some of the lower end segment customers are aspiring to get (their systems) to the mission-critical environment.

There are some customers in Europe who moved away from HP’s Itanium processors due to the Oracle-HP dispute. Did this dispute have a similar effect on the Indian market?


We were not affected in India at all. Customers who had their mission-critical apps running on the Integrity platform, with HP UX, continued to support us, and there were no instances of customers moving away to a different platform because of this issue. Rather, the customers in India stood by us.
So I think in many ways, we won the first part of the lawsuit with the court’s giving a diktat that Oracle will have to continue supporting HP. In many ways, this was influenced by customer feedback. Oracle finally accepted that and have now started supporting the Itanium platform for all their range of apps as well.

Has the Oracle-HP lawsuit had any kind of effect on HP's brand perception in India?


The only thing that happened in India was that the customers started saying they would wait and see (the court's verdict) before they invest (in Itanium). So, while the new Itanium investments slowed down a little, that has also turned around slowly now. Q4 was a very good quarter for Itanium.

As far as the Indian market is concerned, which of your business-critical solutions/products are faring the best?


We are seeing the rate of blade adoption going up very high. This is because blades offer a number of advantages such as better efficiency in terms of (floor space) footprint in India. This is important, given how floor space is at a premium in India and forms a big chunk of IT costs.
The second efficacy of the blade is on the power and cooling management front. You can very quickly distribute workloads because they don’t have a backplane. These are some reasons for the increased adoption of Blade Integrity products in the market. This is fast becoming our flagship product.
Eric Ernest is a correspondent for CIO India and ComputerWorld India. Send your feedback to eric_ernest@idgindia.com.


Source: Computerworld India



 







Mark Zuckerberg


Mark Zuckerberg – CEO and Founder of Facebook, which was founded in 2004.

Mark was charged by three Stanford senior citizens of having thieved the concept from them. This claim soon bloomed into a full-fledged suit, as a competitive organization established by the Stanford senior citizens charged Level and Mark for robbery and scams, starting a legal journey that constantly this day. New details discovered by Rubber Street Core indicates that some of the problems against Mark Zuckerberg are legitimate. The primary contest around Facebook’s roots based around whether Mark had joined into an “agreement” with the Stanford senior citizens, Cameron and Tyler Winklevoss and a classmate known as Divya Narendra, to create a similar website for them — and then, instead, delayed their venture while taking their concept and building his own.

The suit never went particularly well for the Winklevosses.

In 2007, Boston Assess Douglas P. Woodlock known as their suggestions “tissue slim.” Mentioning the agreement that Level had purportedly breached, Woodlock also had written, “Dorm room chit-chat does not make a agreement.” A season later, the end finally seemed in sight: a judge decided against Facebook’s move to disregard the situation. Quickly thereafter, the events decided to negotiate.

But then, a perspective.

After Facebook declared the agreement, but before the agreement was completed, legal professionals for the Winklevosses recommended that the disk from Level Zuckerberg’s computer at Stanford might contain proof of Mark’s scams. Particularly, they recommended that the disk involved some frightening mail messages and mail messages.

The judge in the situation rejected to look at the disk and instead postponed to another judge who went on to accept the agreement. But, normally, the opportunity that the disk involved additional proof set searching thoughts thinking what those mail messages and IMs unveiled. Particularly, it set searching thoughts thinking again whether Mark had, in fact, thieved the Winklevoss’s concept, attached them over, and then ridden off into the sundown with Myspace.

Unfortunately, since the material of Mark’s disk had not been unveiled, no one had the solutions.

Membership rights was at first limited to learners of Harvard College, and within the first month, more than half the undergrade inhabitants at Harvard was authorized on the service. Eduardo Saverin (business aspects), Dustin Moskovitz (programmer), Tim McCollum (graphic artist), and Bob Gaines soon authorized Zuckerberg to help enhance the website. In Goal 2004, Myspace extended to Stanford, The philipines, and Yale. This development ongoing when it started out to all Ivy Group and Birkenstock boston area educational institutions, and progressively most colleges in North america and the U. s. Declares. Facebook included in the summer season of 2004 and the business owner He Parker, who had been informally counseling Zuckerberg, became the organization’s chief executive. In May 2004, Facebook shifted its platform of functions to Palo Alto, Florida. The company slipped The from its name after buying the website Facebook.com in 2005 for $200,000. Facebook founder Mark Zuckerberg grew the college dorm room startup to a global tech giant with more users than most countries' populations.

How To Disable Startup Programs

Startup programs run with Windows after the welcome screen has appeared. Software developers use this feature to run their programs in the background. Some programs, such as search toolbars (the Ask toolbar, Babylon toolbars, etc.) and other junk programs, also run in the background and use system resources.

We can save system resources and speed up Windows boot time by disabling unneeded and junk software that has no need to run in the background all the time.

Disable Startup Programs Using Msconfig

  • Open Run by pressing Win+R.
  • Type msconfig and press Enter.
  • Navigate to Startup Tab. 
  • Untick the check boxes for the programs which you want to disable.
  • Press Apply button to save the settings.
  • It will ask you to restart the computer. Select Restart to apply the settings immediately, or select Exit Without Restart to apply the settings later.
  • You can follow the same steps on Windows XP, Windows Vista, Windows 7 and Windows 8.
Note:
  • Don't disable the motherboard, graphics driver, audio driver or antivirus programs.

WHAT IS ONLINE JOURNALISM?


Online journalism is a process that has been in use for the past years by newspaper industries, journalists, etc. to report facts produced and distributed through the internet. It has been noticed that people no longer buy printed newspapers unless they want to keep them for reference purposes, while internet users see the internet as a readily available and less costly network.
The internet makes news more interesting because of the interactivity and the multimedia, such as videos and audio, that are used. The online news organization is increasingly gloomy about its financial future, while online journalists are optimistic, reporting expanding newsrooms.
The internet has challenged traditional news industries in several ways, to the point that there is the fear that they might lose their content to websites.

THE INTERNET AND ITS USES.


The internet is a worldwide system of computer networks which was conceived in 1969 by the Advanced Research Projects Agency (ARPA) of the U.S. government. It was created with the aim of building a network that allows researchers at one university to communicate with their counterparts at other universities.

The internet, which comprises thousands of smaller regional networks scattered throughout the globe, allows communication to take place between connected computers and online users.
Today, the internet is a public, cooperative and self-sustaining facility, accessible to billions of people worldwide. What distinguishes it from other telecommunication networks is its use of a set of protocols called TCP and ICP (Transmission Control Protocol and Internet Control Protocol). The internet, which literally means 'network of networks', is used for the following:
1. INFORMATION: The internet provides its users with messages ranging from job vacancies to current affairs and many more.
2. ENTERTAINMENT: It has interesting games, movies, etc. that are stored to entertain its users worldwide.
3. SOCIALIZATION: The internet aids social interaction between relatives, friends, etc.
4. EDUCATION: It develops the academic skills of learners through the educational books, tapes, etc. that are stored.
5. ADVERTISEMENT: The internet aids business activities because most business enterprises now store information about their products, diagrams, etc., and buyers can bulk for products by using electronic fund transfer (EFT) to pay for goods purchased.
In conclusion, the internet has developed the globe in no little measure through its uses, and this makes communication as easy as possible.

Connecting Windows Phone 8 Smartphones to PC with Windows 8


Connecting and syncing the contents of a smartphone with a PC is useful for backing up the data on the phone. We have seen different PC suites for Android smartphones, such as Samsung Kies. To connect a Windows smartphone to a PC, you need the Zune software if your system is running Windows 7 or earlier. For Windows 8 you get an app that works as a PC suite for Windows smartphones such as the Nokia Lumia 920, 820, HTC 8S, HTC 8X etc. This method was tested with a Lumia 920 to connect and sync with a PC. However, it works well for all Windows Phone 8 based smartphones if you have a Windows 8 based PC.

Connecting a Windows Phone 8 based smartphone to a Windows 8 PC:
  • Download the "Windows Phone app for desktop" by clicking here. Install it on the PC.
  • Connect your device to the PC using the USB cable that comes with the phone.
  • Once you have connected your Windows phone to the PC, the app launches automatically. If not, launch the "Windows Phone app for desktop" app.
  • When you connect your device for the first time, Windows shows a message asking whether you are interested in participating in the WP app improvement program. It is your choice. Select your choice and move ahead to the next step.
  • Now you get a screen asking for the name of your device. You can either keep the default or enter a name of your choice. There is also a checkbox through which you can set automatic import of photos as soon as you connect your device to the PC. If you are interested, select it and click the 'All done' button.
  • In the app's main screen, you will find the apps installed on your phone. You can even download and install apps for your phone from the store.
Transferring files using the Windows File Explorer: With the above-mentioned method you can install apps on the phone. This method only transfers files between your phone and the PC. Just go to My Computer, select the device, and then choose the directory to or from which you want to copy or paste the file.

Syncing Contacts between Windows Phones and PC: You can sync your contacts using your Microsoft account, or you can add your Google account to sync. Once you have added your Google account you can import all the contacts from Google to your PC or vice versa.

Hope this helps you to connect your Windows Phone 8 Smartphones to PC running on Windows 8. If you need any help or if you face any difficulties following this, please share it in the comment section.

Samsung PC suite Free Download for Windows


Step 1:  First visit the official Samsung PC suite Download Page.  Click Here to Visit official Samsung Support Page

Step 2: Select  "Mobile Phone" in the "Type" drop box menu and select appropriate subtype from the "Subtype"   drop down list such as Smartphone, Feature Phone, Tablet etc. Then you select your smartphone model from the "Model Number" Drop down menu. Click on "Manuals&Downloads" button.
Step 3: By default, the page opens for "Mobile Manual" download page. Now Click on "Software"  link. 
Step 4: You will get a page as shown below and Click on download button shown in below image. 

Note: If you are unable to find the model number in the drop-down list, either you have selected the wrong subtype or there is no PC suite available for your model. First, cross-verify the subtype drop-down menu once again. However, you can try downloading the common Samsung PC suite from here.

Connecting Samsung Mobiles To Internet with PC Studio



NPS, or Samsung New PC Studio, is used to synchronize, back up and transfer data between a Samsung mobile and a PC. New PC Studio can also be used to connect to the internet using the mobile as a modem. Below is a step-by-step guide to using the mobile as a modem to connect to the internet from a PC. The steps below help in connecting Samsung mobiles such as the Samsung Galaxy Ace, Samsung Galaxy S2, Samsung Galaxy Pop, Samsung Galaxy Fit, Samsung Galaxy Infuse and other Samsung mobiles that support internet data.

Start by downloading Samsung PC Studio if you do not already have it. You can download Samsung PC Studio (NPS) from Samsung Galaxy PC Studio download. Now follow the steps below.


  • Connect your Samsung Mobile to PC through USB cable.
  • As soon as computer detects your phone, you will get popup. Select PC studio and open.
  • In PC studio we need to activate Samsung NPS internet Connector for connecting to Internet. Activation step is given in following steps.
  • In PC studio select Widget settings.
  • In Widget settings, under Add/Delete Function widget, select add Internet connector.
Configuration of PC studio to Connect to Internet
  • Open Internet connector from widgets section.
  • In Internet connector select menu and then connection settings.
  • Enter your connection name, select your country name, network provider (you can select Other if your network provider is not listed), the APN name of your network provider, the phone number with your country code, the user ID that your network provides for internet access, and the password, then click Add.
  • Now click OK and close Internet connection settings.
  • To connect to the internet, click Connect and answer Yes to the pop-up. In a few minutes you will be connected to the internet.

Nokia Lumia 720 and Lumia 520 affordable Windows 8 Smartphones unveiled

Nokia has unveiled two affordable Lumia smartphones running on Windows Phone 8 platform- Lumia 720 and Lumia 520. Along with these two Windows phones, Nokia also launched two feature phones Nokia 105 and Nokia 301 at mobile World congress 2013 in Barcelona.
The Nokia Lumia 720 features a 4.3 inch LCD touch screen with ClearBlack display technology and sports a resolution of 800*480 pixels. The device is powered by a 1GHz dual core Snapdragon processor with 512MB of RAM. The Nokia Lumia 720 hosts features like NFC (Near-Field Communication), wireless charging and microSD support (up to 64GB), apart from 8GB of internal storage. It has a 6.7MP Carl Zeiss primary camera with LED flash and a 1.3MP front facing camera. The Lumia 720 is expected to be available in India from the second quarter of 2013 and the price will be 249 euros worldwide.

Key Specifications of Nokia Lumia 720:

  • Microsoft Windows Phone OS 8
  • 4.3 inch LCD touch screen with ClearBlack display technology and screen resolution of 480*800 pixels (~217 ppi pixel density). It also has Corning Gorilla Glass protection.
  • Dual core 1GHz processor with 512MB RAM and Adreno 305
  • 6.7MP primary camera with Carl Zeiss optics and 1.3MP front facing camera
  • 8GB internal storage and upto 64GB expandable memory through microSD card
  • 2G,3G, NFC, Bluetooth, WiFi and  USB connectivity
  • Li-Ion 2000 mAh battery
The Nokia Lumia 520 comes with a 4 inch LCD IPS touch screen with a screen resolution of 800*480 pixels. The device is powered by a dual core 1GHz processor with 512MB RAM. It is 9.9mm thick and weighs about 124 grams. The Lumia 520 has a 5MP primary camera. The device will hit the stores in the first half of 2013 and will be priced around $183 (approx. ₹9900).
Key Specifications of Nokia Lumia 520:
  • Microsoft Windows Phone OS 8
  • Dual core 1GHz processor with 512MB RAM
  • 4 inch IPS LCD screen with 480*800 pixels(~233 ppi pixel density)
  • 5 MP primary camera with 720p video capturing ability
  • 8GB built in storage and upto 64GB expandable storage via microSD card.
  • 2G,3G, WiFi, Bluetooth and USB connectivity
  • Li-ion 1430 mAh battery 

How to secure your email account from hackers


Has your email ever been hacked? Have you received emails from someone whose email was hacked?
If you’ve ever had your email hacked, you know the horrible feeling when you realise someone has been sending out emails from your account.
And they are not good emails. Sometimes they are nasty and sometimes they cause anxiety among the loved ones.
You hope that no one is fooled by the bogus messages, but you worry that your friends and colleagues will fall prey to the hacker’s bait.
If you have not been hacked, know that your day could be on the way and if you have, sorry, it may just happen again.
I receive many emails from people asking what to do after they have been hacked and their whole address book has received emails, usually claiming that the account owner is stranded abroad and in need of financial help.
Then we have the ever so common 419 scams. The Nigerian, or “419” scams are one of the most common types of fraudulent email currently hitting inboxes. The scams are also known as “419 scams” after the applicable part of the Nigerian criminal code.
The scammers, surprisingly, also use surface mail and faxes as well as email. There are a great many versions of this scam.
Although many originate in Nigeria, hence the generic term “Nigerian scam”, it is certainly not only Nigerian-based criminals that send them.
In spite of the longevity of this type of scam and the large amounts of publicity that it has received, many people around the world are still being conned out of substantial sums of money.
The messages generally claim that your help is needed to access a large sum of money, usually many millions of dollars.
But the fact is, this money does not exist. The messages are an opening gambit designed to draw potential victims deeper into the scam.
Those who initiate a dialogue with the scammers by replying to a Nigerian scam message will eventually be asked for advance fees supposedly required to allow the deal to proceed.
The best way to treat such emails is to delete them without a second glance. PCs are usually more prone to hacking than Macs.
But Macs are not immune from attack, and spammers are starting to use Quick Response, or QR, codes to trick users into installing Trojans – benign programmes that conceal another malicious programme – onto their Android phones.
To minimise chances of being hacked, use up-to-date security programmes and apprise yourself of hacker tricks.
Such tricks include messages that pop up on your computer stating that your computer is “infected” and can be fixed with an automatic download, or offers of “free” or pirated versions of computer programmes.
As we approach the General Election and politicians increasingly prop up their online presence to catch the tech-savvy population, the threat of their being hacked in the last few days or hours before the election is real, and they should reinforce their online security in anticipation.
Days when politicians employed tech staff that are only proficient in Ms Office are long gone. They need to train their staff or engage people who are qualified and experienced if they have serious regard for their online presence.
Several politicians in Kenya have in the past claimed that their email accounts were hacked. In the US, Mitt Romney’s Hotmail account was hacked in June, echoing a similar episode in 2008 involving Sarah Palin’s Yahoo e-mail account.
A few months ago, the social networking site LinkedIn confirmed that it was the victim of a security attack, and more than six million people had their passwords stolen.
This underscores the need to be vigilant, use up-to-date antivirus software, have a strong password for your email and change it from time to time.

Tips For Safe Net Banking


Have A Safe Net banking 

1. Fraudsters can lure you to enter your user ID and password at a fake web site that resembles your bank.
Always check the URL of your bank's web site. If you see anything other than the bank's genuine URL, you know it is fake.
Never enter your user ID or password or such sensitive information without ascertaining that you are on the right web site.
2. Check your bank's Internet policy.
Some banks have enhanced security features in Internet banking. For example, if the money that you want transferred to another account exceeds a particular sum, you will need to enter a specific password for high value deals to validate the transaction.
3. Keep changing your password at least once a month. And remember it!
4. Avoid easy-to-guess passwords, like first names, birthdays and telephone numbers. Try to have an alphanumeric password that combines letters and numbers.
5. Keep your operating system and browser up-to-date with the latest security patches. Install these only from a trusted web site.
6. Always log out when you exit the online banking portal. Close the browser to ensure that your secure session is terminated.
Never exit simply by closing the browser.

7. Install a personal firewall to help prevent hackers from gaining unauthorised access to your home computer, especially if you connect to the Internet through a cable or a DSL modem.
Of course, your anti-virus software should be updated every day.
8. Many banks have a 'last logged in' panel on their web sites.
If your bank has it, check the panel whenever you log in. If you notice irregularities (like you are logging in after two days, but the panel says you logged in that morning!), report the matter at once to the bank and change your password immediately.
9. Don't use the embedded links in any e-mail to get to any web page. Type the link address (URL) in your web browser.
10. Don't open, run, install or use programmes or files obtained from a person or organisation you do not know or from someone who is not a reputed vendor.
11. Don't leave the PC unattended after keying in information while transacting on the web site.
12. Don't fill out forms in e-mail messages that ask for personal financial information, like account or credit card numbers.
13. Don't, in response to any e-mail, provide your online banking user ID, passwords, credit and debit card numbers.
No bank's representative will ever ask for your user ID/ credit or debit card number/ password in any form. If they do, change the bank!
14. Don't select the browser option that stores or retains your user name and password (i.e. AutoComplete).
15. If you have several bank accounts, avoid using the same online banking password for all.
16. Avoid accessing the Internet banking channel at cyber cafes, which are prone to attacks by hackers. Also avoid locations that offer online connections through wireless networks (Wi-Fi), where privacy and security are minimal.
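What "check the URL" in tips 1 and 9 means in practice is comparing the host part of the address, not looking for the bank's name somewhere in it. The following is an added example, not part of the original tips; the bank host `netbanking.examplebank.test` and all sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit


def check_login_url(url, genuine_host):
    """Return (ok, reason) for a URL that claims to be the bank's login page.

    genuine_host is the host name the bank itself published (an assumption
    of this example: the user knows it from a statement or the card).
    """
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "unparseable URL"
    host = parts.hostname or ""  # urlsplit lower-cases the host for us

    # Plain http gives no assurance about who is answering.
    if parts.scheme != "https":
        return False, "not https"

    # Everything before '@' is user info, not the site: the real host follows it.
    if parts.username is not None:
        return False, "text before '@' is not the host; real host is " + host

    # Non-ASCII or punycode labels can render like the genuine name.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalised look-alike host"

    # The bank's name as a prefix or with a swapped letter is still another host.
    if host != genuine_host.lower():
        return False, "different host: " + host

    return True, "host matches"


if __name__ == "__main__":
    GENUINE = "netbanking.examplebank.test"  # constructed host name
    samples = [  # constructed URLs covering the common look-alike patterns
        "https://netbanking.examplebank.test/login",
        "http://netbanking.examplebank.test/login",
        "https://netbanking.examplebank.test@login.example/",
        "https://netbanking.examplebank.test.login.example/",
        "https://netbanking.examp1ebank.test/login",
        "https://xn--exmplebank-constructed.test/login",
    ]
    for s in samples:
        print(check_login_url(s, GENUINE), s)
```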

SQL Injection Tutorial: All common SQL injection problems and Solutions


What is the cause of most problems related to SQL injection?

Web developers aren't always really dumb; they have also heard of hackers and have implemented some security measures, such as a WAF or manual protection. A WAF is a web application firewall and will block all malicious requests, but WAFs are quite easy to bypass. Nobody would like to have their site hacked, so they implement some security, but of course it would be false to say that if we fail then it's the server's fault. There's also a big possibility that we're injecting differently than we should.

A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as Cross-site Scripting (XSS) and SQL Injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

If you're interested in WAFs and how they work, I suggest reading about them on Wikipedia: http://en.wikipedia.org/wiki/Application_firewall

Order by is being blocked?


It rarely happens, but sometimes you can't use order by because the WAF has blocked it or for some other reason. Unfortunately we can't skip the order by step, so we have to find another way. The way is simple: instead of order by we use group by, because that is very unlikely to be blacklisted by the WAF.

If this request returns 'forbidden', it means it's blocked:

http://site.com/gallery?id=1 order by 100--

Then you have to try group by, and it will return correctly:

http://site.com/gallery?id=1 group by 100-- / success

There's still a possibility that the WAF will block the request, but there is one other way, and it is not very widely known. It's about using (the main query) = (select 1):

http://example.org/news.php?id=8 and (select * from admins)=(select 1)

Then you'll probably receive an error like this: Operand should contain 5 column(s).

That error means there are 5 columns, which means we can proceed to our next step, union select. The command was different than usual, but the further injection will be the same.

http://site.com/news.php?id=-8 union select 1,2,3,4,5--
'order by 10000' and still no error?

This is a small chapter where I'll tell you why order by sometimes won't work and you don't see an error. The difference between this chapter and the last one is that previously your requests were blocked by the WAF, but here the injection method is just a little bit different. When I saw that for the first time, I thought: how does a database have 100000 columns, since I'm not getting the error while the site is vulnerable?

The answer is quite logical. By trying order by 1000000 we're not getting the error, not because there are so many columns in there, but because our injection isn't working.

Example:

site.com/news.php?id=9 order by 10000000000-- [No Error]

To bypass this you just have to change the URL a little bit. Add ' after the ID number and at the end just enter +

Example:

site.com/news.php?id=9' order by 10000000--+ [Error]

If the last example is working for you, it means you have to use it in the next steps also. There isn't anything complicated, but to make everything clear I'll still give an example.

http://site.com/news.php?id=-9' union select 1,2,3,4,5,6,7,8--+
Extracting data from other database.

Sometimes we can inject successfully and no error appears; it's just like a hacker's dream. That dream ends the moment we see that nothing useful to us exists. There are only a few tables, called "News", "gallery" and "articles". They aren't useful at all to us because we'd like to see tables like "Admin" or "Administrator". Still, we know that the server probably has several databases, and even if we have found the information we're looking for, you should still take a look in the other databases also.

This will give you schema names.

site.com/news.php?id=9 union select 1,2,group_concat(schema_name),4 from information_schema.schemata

And with this code you can get the tables from the schema.

site.com/news.php?id=9 union select 1,2,group_concat(table_name),4 from information_schema.tables where table_schema=0x

This code will give you the column names.

site.com/news.php?id=9 union select 1,2,group_concat(column_name),4 from information_schema.tables where table_schema=0x and table_name=0x

I get an error if I try to extract tables.

site.com/news.php?id=9 union select 1,2,group_concat(table_name),4 from information_schema.tables

Le wild Error appears.

"you have an error in your sql syntax near '' at line 1"

Change the URL to this:

site.com/news.php?id=9 union select 1,2,concat(unhex(hex(table_name),4 from information_schema.tables limit 0,1--

How to bypass WAF/Web application firewall

The biggest reason why most of these errors appear is the security measures added to the server, and WAF is the biggest of them, but mostly they're made really badly and can be bypassed really easily. Mostly you will get error 404 like in the code below; this is the WAF. Most likely, people who are into SQL injection and bypassing WAFs are thinking at the moment "Dude, only one bypassing method?", but in this case we both know that bypassing WAFs is a different kind of science and I could write an ebook on bypassing these. I'll keep all those bypassing queries for another time and won't cover them this time.

"404 forbidden you do not have permission to access to this webpage"

The code will look like this if you get the error

http://www.site.com/index.php?id=-1+union+select+1,2,3,4,5--[Error]

Change the URL like it's below.

http://www.site.com/index.php?id=-1+/*!UnIoN*/+/*!sELeCt*/1,2,3,4,5--[No error]
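
Why the second request gets through: a filter that matches the raw URL for union+select no longer finds that text once the keywords are wrapped in /*! */, although MySQL still executes them. The added example below (not part of the original tutorial; the rule names, function names and log lines are constructed for illustration) normalizes the query string before matching, so both requests are flagged when scanning an access log:

```python
import re
from urllib.parse import unquote_plus

# Signatures are applied to the normalized query string, never the raw one.
RULES = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "schema_enumeration": re.compile(r"\binformation_schema\b"),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+"),
    "stacked_write": re.compile(r";\s*(?:drop|update|insert)\b"),
}

def normalize(query_string):
    text = unquote_plus(query_string)                           # %xx and + become characters
    text = re.sub(r"/\*!(.*?)\*/", r" \1 ", text, flags=re.S)   # MySQL runs the body of /*! */
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)          # ordinary comments act as whitespace
    return re.sub(r"\s+", " ", text).strip().lower()

def naive_match(request_line):
    # What a raw substring signature sees: no decoding, no comment handling.
    return "union+select" in request_line.lower()

def classify(request_line):
    """Return the sorted rule names matching one 'METHOD target PROTO' line."""
    parts = request_line.split()
    if len(parts) < 2:
        return []
    query = parts[1].partition("?")[2]
    normalized = normalize(query)
    return sorted(name for name, rx in RULES.items() if rx.search(normalized))

# Constructed request lines modelled on the URLs in this tutorial.
SAMPLE_LOG = [
    "GET /news.php?id=8 HTTP/1.1",
    "GET /search.php?q=student+union+elections HTTP/1.1",
    "GET /index.php?id=-1+union+select+1,2,3,4,5-- HTTP/1.1",
    "GET /index.php?id=-1+/*!UnIoN*/+/*!sELeCt*/1,2,3,4,5-- HTTP/1.1",
    "GET /news.php?id=9'+order+by+10000000--+ HTTP/1.1",
    "GET /news.php?id=1;%20DROP%20TABLE%20news HTTP/1.1",
]

def scan(lines=SAMPLE_LOG):
    return [(line, classify(line)) for line in lines]

if __name__ == "__main__":
    for line, hits in scan():
        print(hits or "-", line)
```

Matching after normalization is a detection aid for logs and filters; the fix for the page itself is still a bound, validated parameter.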

Is it possible to modify the information in the database by SQL injection?

Most people aren't aware of it, but it's possible. You're able to update, drop, insert and select information. Most people who are dealing with SQL injection have never looked deeper into the attack than what is shown in the average SQL injection tutorial, and an average SQL injection tutorial doesn't cover those statements, most likely because most people are copy-pasting tutorials or just rewriting them. You might ask why one should update, drop or insert information in the database if one can just read the existing information and use it; why should we make another Administrator account if one already exists?

Reading the information is just one part of the injection, and sometimes those other, quite infamous commands are more powerful than we thought. If you have read all the available SQL injection tutorials then you're probably aware that you can read the information, but you didn't know you're able to modify it. If you have tried SQL injection then you have probably faced some problems: there isn't an administrator account, so why not use the INSERT command to add one? There isn't an admin page to log in to, so why not drop the table and all the information so nobody can access it? I want to get rid of the current Administrator and can't change his password, so why not use the UPDATE command to change the password of the Administrator?

You have probably noticed that I have talked a lot about unnecessary information which you probably don't need to know, but it's information you need to learn and understand to become a real hacker, because you have to learn how SQL databases work to figure out how those commands work, since you can't find tutorials about it on the net. It's just like the math you learn in school: if you don't learn it then you'll be in trouble when you grow up.

Theory is almost over and now let's get to the practice.

Let's say that we're visiting that page and it's vulnerable to SQL injection.


http://site.com/news.php?id=1

You have to start injecting to look at the tables and the columns in them, but let's assume that the current table is named "News".
With SQL injection you can SELECT, DROP, UPDATE and INSERT information in the database. SELECT is probably already covered in all the tutorials, so let's focus on the other three. Let's start with the DROP command.

I'd like to get rid of a table, how to do it?


http://site.com/news.php?id=1; DROP TABLE news

That seems easy; we have just dropped the table. I'd explain what we did in the above statement, but it's quite hard to explain because you can all understand the above command. Unfortunately, most of the 'hackers' who are making tutorials on SQL injection aren't aware of it, and sometimes those three words are more important than all the information we can read in some tutorials.

Let's head to the next statement, which is UPDATE.

http://site.com/news.php?id=1; UPDATE 'Table name' SET 'data you want to edit' = 'new data' WHERE column_name='information'--

The above explanation might be quite confusing, so I'll add a query that you're most likely going to use in real life:

http://site.com/news.php?id=1; UPDATE 'admin_login' SET 'password' = 'Crackhackforum' WHERE login_name='Rynaldo'--

We have just updated the Administrator account's password. In the above example we updated the column called 'admin_login' and added a password, which is "Crackhackforum", and those credentials belong to the account whose username is Rynaldo. Kinda heavy to explain, but I hope you'll understand.


How does INSERT work?


Luckily "INSERT" isn't as easy as the "DROP" statement is, but it's still quite understandable. Let's go further with Administrator privileges because that's what most people are heading for. Adding an administrator account would look like this:

http://site.com/news.php?id=1; INSERT INTO 'admin_login' ('login_id', 'login_name', 'password', 'details') VALUES (2,'Rynaldo','Crackhackforum','NA')--

INSERT INTO 'admin_login' means that we're inserting something into 'admin_login'. Now we have to tell the database exactly what information we want to add: ('login_id', 'login_name', 'password', 'details') means that the fields we're adding to the DB are login_id, login_name, password and details, and those are the pieces of information the database needs to create a new account. So far we have told the database what information we want to add: we want to add a new account, a password for it, an account ID and details. Now we have to tell the database what the new account's username, its password and its account ID will be: VALUES (2,'Rynaldo','Crackhackforum','NA')-- . That means the account ID is 2, the username will be Rynaldo and the password of the account will be Crackhackforum. Your new account has been added to the database and all you have to do is open up the Administrator page and log in.
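
Seen from the defending side, every request in this tutorial works only because the id value is pasted into the SQL text. The following added example (not from the original article; it uses Python with an in-memory SQLite database, and the table layout and function names are assumptions) runs the union select value shown earlier against a concatenated query and against a validated, bound one:

```python
import re
import sqlite3

def make_db():
    """Constructed sample data: a 5-column news table, as in the article."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT,
                           author TEXT, created TEXT);
        INSERT INTO news VALUES (8, 'Launch', 'Body text', 'editor', '2013-01-01');
    """)
    return db

def get_news_concatenated(db, raw_id):
    # Vulnerable pattern: the request value becomes part of the SQL text,
    # so the database parses whatever the client sent as SQL.
    return db.execute("SELECT * FROM news WHERE id = " + raw_id).fetchall()

def get_news_bound(db, raw_id):
    # Bound parameter: the value travels separately from the statement and
    # is only ever compared with the id column, never parsed as SQL.
    return db.execute("SELECT * FROM news WHERE id = ?", (raw_id,)).fetchall()

def get_news_validated(db, raw_id):
    # Defence in depth: reject anything that is not a plain integer, then bind.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a non-negative integer")
    return get_news_bound(db, int(raw_id))

def demo():
    db = make_db()
    probe = "-8 union select 1,2,3,4,5--"   # request value taken from the article
    results = {
        "concatenated": get_news_concatenated(db, probe),
        "bound": get_news_bound(db, probe),
        "legit": get_news_validated(db, "8"),
    }
    try:
        get_news_validated(db, probe)
        results["validated"] = "accepted"
    except ValueError:
        results["validated"] = "rejected"
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

A database account for the news page that holds only SELECT on the news table would additionally make the DROP, UPDATE and INSERT statements above fail with a permission error.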

Passwords aren't working

Sometimes the site is vulnerable to SQL injection and you can get the passwords. Then you can find the site's username and password, but when you enter them into the admin panel it shows "Wrong password". This can be because those usernames and passwords are there, but aren't working. This is done by the site's admin to confuse you, and actually the Cpanel doesn't contain any username/password. Sometimes accounts are removed, but the accounts are still in the database. Sometimes it isn't done by the admin and those credentials have been left in the database after removing the login page; sometimes the real credentials have been transferred to another database and the old entries haven't been deleted.

Sometimes I get some weird password

This weird password is called a hash, and most likely it's an MD5 hash. That means the site's admin has added more security to the website and has encrypted the passwords. The most popular way of crypting is using an MD5 hash. The best way to crack MD5 hashes is using PasswordsPro or Hashcat because they're the best and can crack the password even if it's really hard or isn't MD5. You can also use http://md5decrypter.com . I don't like to be a person who's pitching around with small details that aren't correct, but here's a tip that you should keep in mind. The domain says it's "md5decryptor", which refers to decrypting MD5 hashes. Actually it's not possible to decrypt a hash because hashes use 'one-way' encryption. One-way encryption means it can only be encrypted, but not decrypted. Still, it doesn't mean that we can't find out what the hash means; we have to crack it. Hashes can't be decrypted, only cracked. Those online sites aren't cracking hashes every time; they're saving already cracked hashes and results to their database, and if you ask for a hash that's already in their database, you will get the result. :)

An MD5 hash looks like this: 827ccb0eea8a706c4c34a16891f84e7b = 12345
You can read about all the hashes that exist and their descriptions at http://pastebin.com/aiyxhQsf
Md5 hashes can't be decrypted, only cracked
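
For whoever stores the passwords, the lookup databases described above work because unsalted MD5 gives the same digest for the same password on every site. This added example (not from the original article; the storage format, iteration count and function names are assumptions chosen for illustration) contrasts that with a salted, deliberately slow PBKDF2 record from Python's standard library:

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000   # assumed work factor for this example

def md5_hex(password):
    # Unsalted and fast: the same password gives the same digest everywhere,
    # which is what makes precomputed lookup databases effective.
    return hashlib.md5(password.encode()).hexdigest()

def hash_password(password):
    salt = os.urandom(16)     # fresh random salt for every stored password
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                  PBKDF2_ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (PBKDF2_ITERATIONS, salt.hex(), derived.hex())

def verify_password(password, stored):
    try:
        scheme, iterations, salt_hex, derived_hex = stored.split("$")
    except ValueError:
        return False
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    # Constant-time comparison of the derived keys.
    return hmac.compare_digest(candidate, bytes.fromhex(derived_hex))

def needs_upgrade(stored):
    # A bare 32-hex-digit value is a legacy MD5 row: re-hash it at next login.
    return len(stored) == 32 and all(c in "0123456789abcdef" for c in stored)

def demo():
    # Two constructed users who chose the same password.
    legacy = (md5_hex("12345"), md5_hex("12345"))
    modern = (hash_password("12345"), hash_password("12345"))
    return {
        "legacy_identical": legacy[0] == legacy[1],
        "modern_identical": modern[0] == modern[1],
        "modern_verifies": verify_password("12345", modern[0]),
        "wrong_rejected": not verify_password("123456", modern[0]),
    }

if __name__ == "__main__":
    print(md5_hex("12345"))
    print(demo())
```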

How to find admin page of site?


Some sites don't contain an admin control panel, and that means you can use any method for finding the admin page, but it doesn't even exist. You might ask "I got the username and password from the database, why isn't there any admin login page then?", but sometimes they are just left in the database after removing the Cpanel.

Mostly people are using tools called "Admin page finders". They have a specific list of pages and will try them. If the page gives HTTP response 200 then it means the page exists, but if the server responds with HTTP response 404 then it means the page doesn't exist there. If a page that is in the list exists then the tool will say "Page found". I don't have any tool to share at the moment, but if you're downloading one yourself then beware, because most of those tools are infected with viruses.

Mostly the tools I mentioned above, Admin Page Finders, don't find the administrator page if it's custom made or renamed. That means quite often those tools don't help us out and we have to use an alternative, and I think the best one is using site crawlers. Most of you probably have Acunetix Web Vulnerability Scanner 8, and it has one wonderful feature called site crawler. It'll show you all the pages on the site and will 100% find the login page if one exists on the site.


Automated SQL injection tools.

Automated SQL injection tools are programs that will do the whole work for you; sometimes they will even crack the hashes and find the Administrator page for you. Most people are using automated SQL injection tools, and the most popular of them are Havij and SQLmap. Havij is being used much more than SQLmap, no matter that the other tool is much better for that injection. The sad truth why that's so is that many people aren't even able to run SQLmap, and those persons are called script-kiddies. Being a script-kiddie is the worst thing you can be in the hacking world, and if you won't learn how to perform the attack manually and are only using tools then you're one of them. If you're using those tools to perform the attack then most people will think that you're a script-kiddie, because most likely you are. Professionals won't take you seriously if you're injecting with them, and you won't become a real hacker either. My above text might raise a question, "But I've seen that even professional hackers are using SQLmap?", and I'd like to say that everything isn't always black and white. If there are 10 databases, 50 tables in them and 100 columns in the table then it would just take days to process all that information. I'm also sometimes using automated tools because it makes my life easier, but to use those tools you first have to learn how to do what those tools do manually, and that's what the tutorial above is teaching you.

Use automated tools only to make your life easier, but don't even look at them if you don't know how to perform the attack manually.

What else can I do with SQL injection besides extracting information?

There are many things besides extracting information from the database, and sometimes they are much more powerful. We have said above that sometimes the database doesn't contain the Administrator's credentials or you can't crack the hashes. Then the whole injection seems pointless because we can't use the information we have got from the database. Still, we can use a few other methods. Just like we can conduct a CSRF attack with persistent XSS, we can also move on to other attacks through SQL injection. One of the solutions would be performing a DOS attack on the website which is vulnerable to SQL injection. DOS is short for Denial of Service and it's totally different from DDOS, which is Distributed Denial of Service. I think that you all probably know what these are, but if I sum that attack up in a sentence, DOS will allow us to take down the website temporarily so users won't have access to the site. The other way would be uploading our shell through SQL injection. If you have a question about what a shell is then, to say it shortly, it's a script which we'll upload to the server, and it will create a backdoor for us and will give us all the privileges to do what we'd like on the server, and sometimes by uploading a shell you have more rights to modify things than the real Administrator has. After you have uploaded a shell you can move forward to symlink, which means we can deface all the sites that are sharing the same server. Shelling the website is probably the most powerful thing you can use on the website. I have not covered how to upload a shell through SQL injection and haven't covered how to cause DOS either, but probably will in my next tutorials, because uploading a shell through SQL is another kind of science, just like bypassing WAFs. Those are the most common methods that attackers will put to use when they can't get anything useful out of the database.
Of course, every website doesn't have the same vulnerabilities and they aren't always responding like we want, and by that I mean we can't perform those attacks on all websites. We have all heard that imagination is unlimited and you can do whatever you'd like. That's kinda true and hacking isn't an exception; there are more ways than I can count.

What to do if all the information doesn't display on the page?
I have actually really rarely seen that there is so much information on the webpage that it all just doesn't fit in there, but one person recently asked me that question and I decided to add it here. Also, if you have questions then surely ask and I'll update the article. Getting back to the question, the answer is simple: if all the information can't fit on the screen then you have to look at the source code, because everything displayed on the webpage will be in there. Also, sometimes information will appear in the tab where the site's name usually is. If you can't see the information then sometimes it's hidden, but by taking a deeper look you might find it in the source. That's why you always have to check all the solutions before quitting, because sometimes you might think "I can't inject into that..", but actually the answer is hidden in the source.


What is the purpose of '--' in the union+select+1,2,3,4,5-- ?
I suggest reading about null bytes, and here's a good explanation of them: http://en.wikipedia.org/wiki/Null_character because it might give you some hint why -- is being used. Adding -- at the end of the URL isn't always necessary and it depends on the target. It doesn't have any influence on the injection because it doesn't mean anything, but it's still being used because it's used as the end of the query. It means if I'm injecting as: http://site.com/news.php?id=-1 union select 1,2,3,4,5-- asasdasd then the server will skip everything after -- and asasdasd won't be read. It's just like adding to masking a shell. Sometimes the injection isn't working if -- is missing, because -- tells the DB that "I'm the end of the query, don't read anything that comes after me and execute everything in front of me". It's just like writing a sentence without a dot: people might think it's not the end of your sentence and will wait until you write the other part of the sentence, and the end will come if you add the dot to your sentence.


Credits:
Every sentence of this article is written by Crackhackforum.com staff Rynaldo.

Link Up Facebook With Google, Yahoo or MySpace Account For Auto-Login


Having many login IDs and passwords is encouraged in terms of security, but it might not be a good approach for absent-minded people. Nowadays, users have accounts on Youtube, Facebook, Yahoo, Google, etc., and this can translate into a huge hassle if users were to check each account every day. Having to log in to the account with the right user name and remembering the corresponding password can lead to mishaps, especially if users are not using their own laptops or desktops with pre-saved names and passwords. For easy and quick login, the social networking website Facebook now allows users to link their account with Google, Yahoo or MySpace. In other words, when users sign in to their Google account, e.g. Gmail, they will be able to automatically log in to their Facebook account without having to type in their login ID and password again.

To link up the Facebook account with their Google, Yahoo or MySpace account, users need to log in to Facebook and go to Settings -> Account Settings. In the Account Settings page, click on the “Linked Account” item. Users are given a choice of linking their Facebook to Google, Yahoo, MySpace or other open IDs.
To add a link to their Google account, for instance, users just need to select Google in the scroll down list. Users will then be shown a new window which asks for their permission to allow or disallow the linking. Clicking on the “Allow” button will then allow the social networking site to link to the user's Google account.