Thursday, June 28, 2012

Response Regarding Java Projects


WE Have Completed Projects So Far ...  Kindly Mail Me ..  anujsachan@anujsachan.in  for Receive your Projects.
                      List Of Core Java Projects

    1.  College Attendance System
    2.  COMPUTER ASSISTED HUMAN RELATIONS TRACKING
    3.  Distributed Cycle Minimization Protocol
    4.  Graphical User Interafce
    5.  Image Enhancement Techchnology
    6.  LOAD BALANCING
    7.  NetSurey Simulation
    8.  NETWORK BORDER PATROL
    9.  Network Database Junction
    10. Network Routing
    11. S.V-Hospital-managment
    12. Active Source Routing Protocol For Mobile Networks
    13. Client-Server Protocol Implementation
    14. Congestion Control Using NETWORK BASED PROTOCOL
    15. Data Transmission Using Multi-Tasking-Sockets
    16. Effective Transmission of Data through RBPH for Group Communication
    17. Efficient Key Management For Threshold-Multi Signature In Distributed System
    18. Empowering the RMI in Java Approach
    19. Error Control System In Network Environment
    20. Error Tracking System
    21. Group Key Management and Secured Protocols for Peer Group Communication
    22. IMPLEMENTATION OF BPCS-STEGANOGRAPHY
    23. INCREASING EFFICIENCYIN WIRELESS NETWORK
    24. J-TEXTEDITOR
    25. LAYER TO FORWARD PROTOCOL
    26. NaturalLanguageProcessing
    27. Proposed Key Generation For Multimedia Application
    28. Re-Ordering Of Packets Using Retransmission Timer
    29. SECURITY SYSTEM FOR DNS USING CRYPTOGRAPHY
    30. -Interested Routing In Online Environment
    31. Terminode remote routing
    32. Three Party Authentication for key Distributed Protocol using Classical and Quantum Cryptography
    33. VideoConferencingSystem
    34.  WebDesk
    35. CHATING MANAGMENT
    36. JCHAT



                 List Of Servlets and JSP Projects

    1.  Banking managment
    2.  Bug Tracking
    3.  Chat-Server-system
    4.  College Information System
    5.  CourierInformationSystem
    6.  CYBER_SHOPPING
    7.  Data Centric Knowledge Management System
    8.  Distributed Cycle Minimization Protocol
    9.  E-COMMERCE Mechanism
    10. Finance Managment
    11. Global intractive solutins
    12. Health Center System
    13. IntranetChatting
    14. MobileService management
    15. NetConferening
    16. online order processing system with AJAX enabled
    17. OnLineExam process
    18. web based Manufacturing
    19. WEBREPORTING PROCESS
    20. Andhra Pradesh State Finance Corporation (APSFC)
    21. Classifieds
    22. Customer Relationship Management for AIRLINE Industry
    23. DataMart Management Software
    24. E Procurement System
    25. e-Classifieds
    26. Ecommerce shopping cart
    27. Elearn
    28. Employee Resource Info sys
    29. ENTERPRISE REOURCE PLANNING MANAGEMENT
    30. e-Shopping
    31. E-TRANSACTION_Totalproj
    32. EWheelz
    33. EzeeMail system
    34. foresty management system
    35. Fuji Distribution
    36. global communication
    37. GLOBAL COMMUNICATION MEDIA
    38. Google map-wc
    39. GovtSchemes-wc
    40. human resource management system
    41. Info ware Services
    42. Insurance
    43. Intranet Mailing System
    44. Intrusion Detection System over Abnormal Internet Sequence
    45. Lending Tree
    46. Master and Science Research Center
    47. Matrimony.com
    48. MediTracker
    49. MingleSpot
    50. net-banking
    51. On-line java compiler with security editor
    52. ONLINE_EXAMS_POJECT
    53. OnlineBanking
    54. OnlineLibrary
    55. PayRoll
    56. Pharmacy system
    57. product service management system
    58. Project online music application
    59. project status info system
    60. project status information system
    61. Resource out Sourcing
    62. ResourcePlanner
    63. SecuredNetAuction
    64. ShoutBox
    65. smartcard
    66. SpeedAge
    67. Status Information System
    68. StockAnalyzer
    69. stores management system
    70. TelecomConnectionSystem-wc
    71. Univesity Admission System
    72. Web-Based Library


                                 List Of Struts Projects

    1. Vehicle Identification
    2. ASC
    3. common employement system-Struts
    4. mobile technology  (J2ME)
                             List Of EJB Projects

    1. NET-BANKING-SYSTEM
    2. corporate management system
    3. ESale
    4. Web Auction
    5. WebServices
    6. Net Banking System process

 

Tuesday, June 14, 2011

SQL Injections
SQL stands for structured query language. It is a language that is used by a website to communicate with the database. The main SQL functions are simple and can be learned very quickly. For example the code
SELECT * FROM users WHERE name = ‘username’




Will select anyone in the database that has the name ‘username’. The SQL commands are usually entered in capital letters.
PHP pages (like these) can have SQL commands built into them. However, sometimes the SQL built into them can be manipulated using SQL injections.

How to do this



Lets start with a very simple SQL injection. Say there is a table called "users" that has a field in it called UserID. Now there is a script on the site that lets you enter the UserID and the SQL will fetch the information about the person who owns the UserID. The SQL for it is as follows:


SELECT * FROM `users` WHERE UserID= $ID


The * means select all that match that ID. $ID is the ID that you enter into a text box on the site. Now say instead of entering a number, you enter the word UserID. This will make the SQL perform the following query:


SELECT * FROM `users` WHERE UserID= UserID


This is just like doing a 1=1 SQL injection. The UserID is always equal to itself. So the result of the SQL query would be the page showing you the user details of every single person registered to that site.

In simple terms, what you enter becomes part of the SQL query – meaning that you can type SQL commands into the site and these commands will be added to the actual SQL query.

Now lets try another SQL query. This is one of the most commonly used SQL injections that are tried on sites. If there is a login box asking for a username and password on the site (my one is protected) the username and password will be compared to all usernames and passwords stored in the database. Say the SQL is this:


SELECT * FROM users WHERE username = $username;



SELECT * FROM users WHERE password = $password;


$username and $password again being the usernames and passwords entered into the PHP form. Now if the following details were to be entered into the username and password boxes:

'Username' or 1=1

'Password' or 1=1

The resulting SQL query is:
SELECT * FROM users WHERE username = 'Username' or 1=1;

SELECT * FROM users WHERE password = 'Password' or 1=1;


This tricks the site using the 1=1 statement at the end. There is no field called ‘1’ in the database so its basically saying if 1=1 which it always does. So the result of this SQL injection is usually the attacker being logged in as the first username on the list, which in most cases is the admin. This gives you full admin control over the site.

String terminator

In SQL, a double dash (--) signifies the end of the string. Adding a double dash to the end of your SQL injection basically makes anything after it a comment, thus making the webpage ignore it.

This is useful for making the server ignore the final quotation mark at the end of an SQL command. E.g. if the SQL looked like this:

SELECT * FROM `users` WHERE username=' $_POST['uname']';
(POST is the PHP command to get information from a form) entering the command above but with a double dash will solve this problem. The SQL statement would now look like this:

SELECT * FROM `users` WHERE username=' ' or 1=1--';
because of the double dash at the end, the '; gets ignored making the query valid and again 1 is always equal to 1 so it will select the first username in the database, which is usually the Admin.


The Drop / Create Commands




The DROP command isn't really recommended. This is another method of deleting. This command can be used to delete a whole database if the SQL isn't properly sanitized. for example entering the command:

a'; DROP TABLE `users`; --

Into a username/password box will search the database for the username/password a then delete the whole database afterwards. However this is very malicious and usually doesn't benefit you in any way.

The create command as predicted will create a new table in the database. For example

a'; CREATE TABLE `hello`; --

will create a new table in the database called hello, again though this has no use.



Shutdown




This command is also a very malicious command, some SQL servers have this command running and when the correct command is entered, it will cause the system to shutdown, taking the whole site offline temporarily. This is rarely ever successful, but for example if you entered the username:

'; shutdown with nowait; --

and left the password field when you tried to login the system would shutdown immediately.



Wild cards




To make the chance of guessing a username or password even higher, there is also wildcards. The most popular is a % sign. This when going with a LIKE statement makes things a lot easier.

For example, does the admin's password have an 'm' in it?



SELECT * FROM users WHERE name='Admin' AND password LIKE '%m%'
does it start with m?

SELECT * FROM users WHERE name='Admin' AND password LIKE 'm%'
does it begin mo?

SELECT * FROM users WHERE name='Admin' AND password LIKE '%m %o%'
is the third letter an e?

SELECT * FROM users WHERE name='Admin' AND password LIKE '__e%'
This is used with the "Exists" command.



Finding out Info




If you don't know anything at all about the structure of the database, These 2 commands should help. For example, say you don't know the name of the database, This command will check if the name of the database contains the letter 't'

' OR EXISTS(SELECT 1 FROM dual WHERE database() LIKE '%t%') AND ''='
This will help get the database name, once you have accomplished this you will need to know the table names inside the database, To check this you use the following command: (checks if there is a table called 'users' in the database)

' OR EXISTS(SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='test' AND TABLE_NAME='users') AND ''='
Hopefully showing a positive result.



Magic Quotes




Because of the problems SQL injections can produce, A lot of sites use magic quotes. These simply add a backslash (\) to all quotation marks (‘ ") entered into the form making the SQL invalid. It can sometimes be hard to tell if a site is using magic quotes or not so try the SQL and see.



This is just the start of basic SQL injections. The combination of possible SQL injections to try is endless For more, check out
Wikipedias article and research for further, for example ALTER and UNION commands. Learning SQL would also benefit you.

Sunday, February 13, 2011

Gate 2010 Solution keys has been released....All D best


CS & It

Set:-C

1A2D3D4D5B6A7c
8B9C10C11A12C13B14C
15B16B17D18B19A20C21B
22B23A24B25A26D27A28D
29D30A31D32A33D34A35C
36B37C38C39A40B41D42B
43B44A45C46C47A48D49B
50D51B52A53C54B55C56A
57A58D59A60B61A62C63D
64A65A



EC

Paper Code: B


1D2C3B4D5B6A7B
8A9C10B11A12D13A14C
15B16A17A18C19A20D21D
22D23A24C25A26A27A28A
29A30D31D32D33D34B35B
36C37D38B39B40B41C42C
43C44D45A46B47C48B49C
50C51D52A53C54D55D56A
57C58B59D60D61A62C63D
64C65B