Dropkick Murphy
12-16-2005, 03:41 AM
ok, i again apologize for being a newbie, but... everyone is at one point...right?
well, ok. im attempting to understand the principles of sql injection attacks. im pretty sure i understand the logic, but i dont understand how to actually perform one. understand that i have just VERY recently begun the process of understanding coding, viewing sources, and such, so i dont have experience in coding. (which seems needed in understanding how to exploit these weaknesses) after reading quite a few articles, i have a basic understanding...but im just not quite there.
where do i input "*=*"? i think i understand WHY i put it where i do...but executing this command is a completely different problem. am i supposed to enter this somewhere in the source...somehow...or do i put this as my username?
what happens next?
it just seems like all the writers in the countless posts i have read are writing for more advanced readers. (understandable obviously, but that doesnt help me much)
so, can someone please explain easily how i am supposed to execute a sql injection attack?
username:
Password:
again, any help is greatly appreciated. also- im actually NOT up to mischief, lol. im really just trying to UNDERSTAND all of this. and...frankly...its pretty darn hard. i would be very thankful for help.
EDIT:
ok, nevermind. if you took the time to read all of this, im sorry. i finally figured it out on my own (after CONSIDERABLE work) this really was a difficult concept to figure out, but i think i got it. thanks anyway! (darn, i was so close the entire time...)
well, ok. im attempting to understand the principles of sql injection attacks. im pretty sure i understand the logic, but i dont understand how to actually perform one. understand that i have just VERY recently begun the process of understanding coding, viewing sources, and such, so i dont have experience in coding. (which seems needed in understanding how to exploit these weaknesses) after reading quite a few articles, i have a basic understanding...but im just not quite there.
where do i input "*=*"? i think i understand WHY i put it where i do...but executing this command is a completely different problem. am i supposed to enter this somewhere in the source...somehow...or do i put this as my username?
what happens next?
it just seems like all the writers in the countless posts i have read are writing for more advanced readers. (understandable obviously, but that doesnt help me much)
so, can someone please explain easily how i am supposed to execute a sql injection attack?
username:
Password:
again, any help is greatly appreciated. also- im actually NOT up to mischief, lol. im really just trying to UNDERSTAND all of this. and...frankly...its pretty darn hard. i would be very thankful for help.
EDIT:
ok, nevermind. if you took the time to read all of this, im sorry. i finally figured it out on my own (after CONSIDERABLE work) this really was a difficult concept to figure out, but i think i got it. thanks anyway! (darn, i was so close the entire time...)