Question

Could someone show me two different ways a hacker can get into a program by exploiting weaknesses in code? Also, could you show me examples that shows the potential vulnerability. Could you show me the website where you got those examples. Thank you.

Answer 1

Note: If you like my efforts then please do upvote this answer. I really need it. I hope you will like my answer because I am sharing my personal experience as well.

-----------------------------------------------------------------------------------------

There are multiple ways a hacker can get into a program. I am explaining two of them and the third one is my experience.

1. SQL Injection attacks: SQL stands for Structured Query Language. It is used to interact with the database. Like we can update the data, retrieve the data or even delete the data. Now the first step of doing all of these is Login. You need to have a login ID and password to access the database. An SQL injection attack places SQL into a web form in an attempt to get the application to run it. For example, instead of typing plain text into a username or password field, a hacker may type in ‘ OR 1=1. As you can see that 1=1 which is true and the sole purpose of the login is to check if the user exists in the database or not. This can allow a hacker to gain access to a restricted section of a website. After gaining the access hacker can do anything with the data. But now a days it is really difficult to fool the system with such attack.

2. Cross Site Scripting (XSS):
   Cross Site Scripting is a serious vulnerability which is usually used for website hacking. It is one of the more difficult vulnerabilities to deal with. Many XSS attacks use malicious scripts embedded in hyperlinks. When the user clicks on the hyperlinks, the sensitive information may be compromised, hijack a web session or take over a user account.
   
   

My experience: I personally love hacking(whiteHat). WhiteHat means finding the vulnerabilities/loop holes in a software and then aware the company about it. When I was in my college I was checking out an OTT platform. At OTT platform we can watch shows but it's a paid service. I was not a OTT platform user but I still got the access to watch all the shows without even paying even a single penny. What I did is that, I signed in as a normal user and at the time of paying the money for OTT subscription I filled the wrong Credit card details. Soon after I received an e-mail saying that your payment is under process but when I opened the OTT app, I was able to access all the shows. This was a major bug in that OTT platform. I enjoyed the free shows for one years without even paying anything.

I hope you like the answer. Please upvote it.

WebsiteLink: I cannot directly paste the link here. Just google "Website Hacking - The Most Common Techniques And Methods". Open the first link and that's it.