 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 62
 Members: 0
 Total: 62
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
GOD damn the newbie |
|
 Posted: Wed Sep 19, 2007 9:21 am |
 |
|
| fenindom |
| Beginner |
 |
|
| Joined: Sep 19, 2007 |
| Posts: 2 |
| Location: medan |
|
|
 |
|
 |
|
i didn't now anything about sql injection
usually hacker use a way Like this
www.targethack.com//bug//bug/inject
somebody can answ my Question???
1.how can we seach the bugs for php vB.php Nuke or etc
2.why bug usually like a syntax but in SQL injection we just looking a bug like www.targethack.com//bug//bug/inject
3.why SQL inject is like another web/link
Sorry for my bad english |
|
|
|
|
|
|
|
|
| Posted: Wed Sep 19, 2007 9:33 am |
|
|
| pabloski |
| Beginner |
|
|
| Joined: Sep 14, 2007 |
| Posts: 3 |
|
|
|
|
|
|
|
Hi,
SQL Injection works by passing SQL statements to a web application trough cookie, querystring or form parameters
this means you can embed you SQL statement in cookie variables ( if the web app use cookies and read them ), in querystrings ( i.e. h t t p ://www.victim.com/some_buggy_script?param=MY SQL INJECTION ) or in POST requests
for example if the script you're trying to attack execute the following SQL statement
"SELECT Nick, UserID, Password, Admin FROM Authors WHERE USERID = '" + Request.form("uID") + "'"
you can pass a uID form variable as follow: fakeid' UNION SELECT 'John', 'Doe', 'evil password', TRUE FROM Authors--
the resulting query will be
"SELECT Nick, UserID, Password, Admin FROM Authors WHERE USERID = 'fakeid' UNION SELECT 'John', 'Doe', 'evil password', TRUE FROM Authors--'
because fakeid doesn't exist in the remote DB, the first SELECT will return no recordset while the second will return the recordset composed by ('John', 'Doe', 'evil password', TRUE)
this means you have forced the app to recover a user with uID='Doe' and Password='evil password'
this means you can bypass the login procedure |
|
|
|
|
|
|
so...... |
|
| Posted: Wed Sep 19, 2007 9:49 am |
|
|
| fenindom |
| Beginner |
|
|
| Joined: Sep 19, 2007 |
| Posts: 2 |
| Location: medan |
|
|
|
|
|
|
| how can i search the bug or create the SQL statement in put in to the site database. |
|
|
|
|
|
Re: so...... |
|
| Posted: Wed Sep 19, 2007 11:43 am |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| fenindom wrote: | | how can i search the bug or create the SQL statement in put in to the site database. |
You can search bugs by 2 ways:
1. Download some opensource software and research source code.
If you find bug, then you can hack all the websites based on that software.
2. Test random websites against sql injection bugs and when you see sql related error messages, try to exploit them to get what you want - passwords, usernames, etc.
More experienced attackers can exploit sql injection holes even without any error feedback - this is called "blind sql injection".
 |
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
