hobbit monitor
+ Reply to Thread
Results 1 to 5 of 5

Thread: Moonbat's Guide to SQL Injections

  1. #1
    Join Date
    Sep 2006
    Posts
    1,651

    Moonbat's Guide to SQL Injections

    Ah, here we go.

    [url]http://www.w*schools.com/sql/default.asp[/url]

    You can learn all about SQL and what it's for here. I'm not gonna try to explain all of that, this is only for injections.
    ------------------------------------------------

    Now, suppose you are at a site called [url]www.candycanestotehmax.com[/url]. You have to login to this site to see the candy canes. The login page is like this:

    Code:
    www.candycanestotehmax.com/login.php
    Now you try logging in with a bogus name and password. The URL now becomes something like:

    Code:
    www.candycanestotehmax.com/login.php?user=johnny&password=nicetry
    You obviously weren't able to log in. But now you want to see if the login is vulnerabel to SQL injection. Try playing around a bit with the URL.

    Code:
    www.candycanestotehmax.com/login.php?user=a'&password=*=*
    OR
    Code:
    www.candycanestotehmax.com/login.php?user=*=*&password=*'
    OR
    Some other combanation, there should be apostrophes and/or equal statements (*=*) because these tend to confuse servers.

    Anyways, you should see some wierd error, but if you don't, don't fret, there still could be a vulnerability (known as Blind SQL Injection).

    -----------------------------------------------

    Well now suppose you've found a vulnerablitly to SQL injections on candycanestotehmax.com. Break down the URL and convert it into SQL. When you see this URL:

    Code:
    www.candycanestotehmax.com/login.php?user=johnny&password=nicetry
    It's actually sending two SQL queries, one for a username match and one for a passowrd match. It looks like this (let's assume the name of the table is "login"):

    Code:
    SELECT username FROM login WHERE username='johnny'
    SELECT password FROM login WHERE password='nicetry'
    But there is no username johnny or password nicetry in the database, so therefore you can't login. But now you know a vital piece of info: The table "login" contains all the usernames and passwords. It would be nice if we could view this table.
    ------------------------------------------

    So we find somewhere where we can enter text, sometimes this is the login field, other times you actually have to enter it in the URL, usually after the ? in a php page. But assume you have to enter it in the login. In the username field, enter a command so you can view the usernames on the table "login".

    Code:
    SELECT username FROM login
    This would display the list of usernames in the table login. You can go back and edit the injection so it shows you the passwords also.
    ------------------------------------------

    Well, thanks for reading my tutorial, I hope you learn something

    -Moonbat

  2. #2
    Join Date
    Nov 2006
    Posts
    178

    Thumbs up

    I hope you learn something
    Actually, i learnt a lot Thanks

    Is this vulnerability common?

  3. #3
    Join Date
    Sep 2006
    Posts
    1,651
    Well, I personally haven't seen it anywhere, mostly because most forums are made with good programs (VBullitein, phpBB, etc.) that usually protect against this kind of stuff.

  4. #4
    Join Date
    Nov 2006
    Posts
    178
    Okay. It's still very useful to know... just incase

  5. #5
    Join Date
    Sep 2005
    Posts
    2,053
    Quote Originally Posted by Troll
    Actually, i learnt a lot Thanks

    Is this vulnerability common?
    It's common in any web application that checks usernames/passwords against those in a database without filtering input. All it takes is a google search for inurl:login to find potential targets.

+ Reply to Thread

Similar Threads

  1. Moonbat's Guide to Getting a Job
    By Moonbat in forum Tutorials
    Replies: 13
    Last Post: 12-18-2019, 09:49 AM
  2. Moonbat's Guide to FrontPage Hacking
    By Moonbat in forum Tutorials
    Replies: 15
    Last Post: 11-29-2019, 04:23 AM
  3. Moonbat's Guide to Cookie Stealing
    By Moonbat in forum Tutorials
    Replies: 4
    Last Post: 08-15-2015, 08:58 AM
  4. Moonbat's Guide to SQL Injections
    By Moonbat in forum Tutorials
    Replies: 6
    Last Post: 01-04-2008, 02:08 PM
  5. Moonbat's Guide to the Hosts File
    By Moonbat in forum Tutorials
    Replies: 10
    Last Post: 12-17-2007, 07:37 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts