raZer

SQL Injection

14 posts in this topic

I just read a post by tokachu where he posted a really simple SQL injection exploit (here) and I was wondering where I can learn how to figure out something like that?

I read up a bit on SQL injection but there were only complicated examples, nothing like in that post, and I couldn't try my own injection.

Where can I learn how to find details about a SQL database on a website and then use injection to get passwords or access or something?

Edited by raZer

The ability to perform an SQL injection is the result of poor programming. If you uncover a site that is vulnerable to SQL injection, you should notify the site owner and contribute to the positive Hacker image so we can break the stigma that the mainstream media is pwning the public with.

Unfortunately, it is very common; take a look at any one of the security alert sites like Secunia and you can see all the alerts.

This is a Blackhat presentation on SQL injection. At the very least it will give you an overview of the different types of SQL injection.

This is a white paper that has specific details on Blind SQL Injection and more importantly how NOT to make your own programs vulnerable to it.

Edited by 2geeky
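
Added example (not from any poster in this thread, and not from the linked white paper): a Python/sqlite3 sketch of the "poor programming" described above, showing a lookup built by string concatenation next to the same lookup with a bound parameter, plus a small check a developer can run against their own query function. The table, function names and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"),
                    ("o'brien", "obrien@example.test")])
    return db

def find_user_concat(db, name):
    """Vulnerable: the input is pasted into the SQL text and parsed as SQL."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_user_param(db, name):
    """Hardened: the ? placeholder binds the input as a value, never as SQL."""
    return db.execute("SELECT name, email FROM users WHERE name = ?",
                      (name,)).fetchall()

def audit(lookup):
    """Regression check for a lookup function: returns a list of findings."""
    db = make_db()
    findings = []
    # A legitimate name containing a quote must be found, not break the query.
    try:
        if lookup(db, "o'brien") != [("o'brien", "obrien@example.test")]:
            findings.append("quoted name not matched")
    except sqlite3.OperationalError:
        findings.append("quote in input broke the SQL statement")
    # Input shaped like a SQL condition must match no row: nobody has that name.
    try:
        if lookup(db, "nobody' OR '1'='1"):
            findings.append("input changed the WHERE clause")
    except sqlite3.OperationalError:
        findings.append("input was parsed as SQL")
    return findings

if __name__ == "__main__":
    print("concatenated:", audit(find_user_concat))
    print("parameterized:", audit(find_user_param))
```

The concatenated lookup produces both findings; the parameterized one produces none, because the driver passes the input to the database separately from the statement text.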

The ability to perform an SQL injection is the result of poor programming. If you uncover a site that is vulnerable to SQL injection, you should notify the site owner and contribute to the positive Hacker image so we can break the stigma that the mainstream media is pwning the public with.

Be sure to maintain absolute anonymity! Humans can be irrational and, unfortunately, view a helping hand as a threat and admins are only human!

That being said, I am sure there are some "wargame" or trainer type sites out there that will have a simple challenge like this. Hack This Site might have one, but I just started there last night and am only at level 5, which is JavaScript injection. HTS seemed to have some affiliates that were also trainers, so poke around.


The best part to learn about SQL injection would be to learn about SQL and how to create a database, add/remove items, and then search and retrieve items. Once you know how to do that, you can look at a field where you input data and think of a way to input a string that will give you access to other data fields.


Thanks for all the help, everyone.

I better start reading...

www.hackthissite.org A lot of their missions/challenges include SQL injection tasks. Their forums also contain a lot of FAQs and FAQ links for SQL injection, JavaScript injection, etc. Nice place to visit every once in a while.

I've heard a lot of good things about HTS, but when I click on one of the missions (e.g. Basic Web) then it says "FORBIDDEN

Session IP does not match user IP. Access denied."

The ability to perform an SQL injection is the result of poor programming. If you uncover a site that is vulnerable to SQL injection, you should notify the site owner and contribute to the positive Hacker image so we can break the stigma that the mainstream media is pwning the public with.

Be sure to maintain absolute anonymity! Humans can be irrational and, unfortunately, view a helping hand as a threat and admins are only human!

That being said, I am sure there are some "wargame" or trainer type sites out there that will have a simple challenge like this. Hack This Site might have one, but I just started there last night and am only at level 5, which is JavaScript injection. HTS seemed to have some affiliates that were also trainers, so poke around.

Wha? Is hackthissite fixed? Last I heard, lvl 5 and up were all fucked up.


Some of the missions are still a little flaky... but the Forbidden IP error, I was having issues with that until I figured out that ZoneAlarm on my Windows machine was messing it up somehow.


Oh crap! I've got ZoneAlarm! How do I prevent it from screwing up HTS?


That was just my fix... check their boards; if I remember right, they had a troubleshooting post on what exactly causes that error.
