hyperic
+ Reply to Thread
Results 1 to 7 of 7

Thread: Moonbat's Guide to SQL Injections

  1. #1
    Join Date
    Sep 2006
    Posts
    1,651

    Moonbat's Guide to SQL Injections

    This is my little guide to SQL Injections:

    Ah, here we go.

    [URL=http://www.w*schools.com/sql/default.asp]http://www.w*schools.com/sql/default.asp[/URL]

    You can learn all about SQL and what it's for here. I'm not gonna try to explain all of that, this is only for injections.
    ------------------------------------------------

    Now, suppose you are at a site called [URL=http://www.candycanestotehmax.com]www.candycanestotehmax.com[/URL]. You have to login to this site to see the candy canes. The login page is like this:

    Code:
    www.candycanestotehmax.com/login.php
    Now you try logging in with a bogus name and password. The URL now becomes something like:

    Code:
    www.candycanestotehmax.com/login.php?user=johnny&password=nicetry
    You obviously weren't able to log in. But now you want to see if the login is vulnerabel to SQL injection. Try playing around a bit with the URL.

    Code:
    www.candycanestotehmax.com/login.php?user=a'&password=*=*
    OR
    Code:
    www.candycanestotehmax.com/login.php?user=*=*&password=*'
    OR
    Some other combanation, there should be apostrophes and/or equal statements (*=*) because these tend to confuse servers.

    Anyways, you should see some wierd error, but if you don't, don't fret, there still could be a vulnerability (known as Blind SQL Injection).

    -----------------------------------------------

    Well now suppose you've found a vulnerablitly to SQL injections on candycanestotehmax.com. Break down the URL and convert it into SQL. When you see this URL:

    Code:
    www.candycanestotehmax.com/login.php?user=johnny&password=nicetry
    It's actually sending two SQL queries, one for a username match and one for a passowrd match. It looks like this (let's assume the name of the table is "login"):

    Code:
    SELECT username FROM login WHERE username='johnny'
    SELECT password FROM login WHERE password='nicetry'
    But there is no username johnny or password nicetry in the database, so therefore you can't login. But now you know a vital piece of info: The table "login" contains all the usernames and passwords. It would be nice if we could view this table.
    ------------------------------------------

    So we find somewhere where we can enter text, sometimes this is the login field, other times you actually have to enter it in the URL, usually after the ? in a php page. But assume you have to enter it in the login. In the username field, enter a command so you can view the usernames on the table "login".

    Code:
    SELECT username FROM login
    This would display the list of usernames in the table login. You can go back and edit the injection so it shows you the passwords also.
    ------------------------------------------

    Well, thanks for reading my tutorial, I hope you learn something

    -Moonbat

  2. #2
    Join Date
    Mar 2007
    Posts
    13
    thanks a lot man, I actually learned something for once , I do have one question though, in your tut it was a php, and I was kinda fuzzy on whether or not this sort of act could be done on something other than php, and I did read the w* stuff so I'm pretty sure I understand the basic sql commands.

  3. #3
    Join Date
    Sep 2006
    Posts
    1,651
    Well, the only web language that handles databases besides PHP is ASP, and I've never tried it on an ASP page.

  4. #4
    Join Date
    Mar 2007
    Posts
    13
    i was tryin it on an asp page earlier, but i didn't get very far, heh

  5. #5
    Join Date
    Sep 2005
    Posts
    2,053
    Any web language can interact with SQL databases -- SQL databases are separate from web servers and have no way of knowing if data has been requested by PHP or any other language. It just depends on whether the authors made functions for SQL interaction with the popular database servers.

    If we're talking about popularity though, PHP, ASP and Perl are the first three that come to mind.
    Last edited by Ezekiel; 03-29-2007 at 01:24 PM.

  6. #6
    Join Date
    Jun 2006
    Posts
    459
    Hey, Moonbat you are doing good. I see you got rid of adverting and set some rules. I might come back sometimes.
    7h* L**7*57 c4n7 h4ck m*!
    Proud to have quit playing ȧ

    If you write like a semi-literate boob you will very likely be ignored.
    Writing like a l**t script kiddie hax0r is the absolute l**t*st way to write!
    L0L

  7. #7
    Join Date
    Jan 2008
    Posts
    2
    thanks a lot.

+ Reply to Thread

Similar Threads

  1. Moonbat's Guide to Getting a Job
    By Moonbat in forum Tutorials
    Replies: 13
    Last Post: 12-18-2019, 09:49 AM
  2. Moonbat's Guide to FrontPage Hacking
    By Moonbat in forum Tutorials
    Replies: 15
    Last Post: 11-29-2019, 04:23 AM
  3. Moonbat's Guide to Cookie Stealing
    By Moonbat in forum Tutorials
    Replies: 4
    Last Post: 08-15-2015, 08:58 AM
  4. Moonbat's Guide to the Hosts File
    By Moonbat in forum Tutorials
    Replies: 10
    Last Post: 12-17-2007, 07:37 PM
  5. Moonbat's Guide to SQL Injections
    By Moonbat in forum Internet Privacy
    Replies: 4
    Last Post: 11-14-2006, 08:37 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts