EvilZone
jibudada, June 02, 2012, 06:51:13 AM
-
SQL injection is a technique often used to attack databases through a website. This is done by including portions of SQL statements in a web form entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g. dump the database contents to the attacker). SQL injection is a code injection (http://en.wikipedia.org/wiki/Code_injection) technique that exploits a security vulnerability (http://en.wikipedia.org/wiki/Security_vulnerability) in a website's software.
There is a lot of information available on the web regarding SQL injection, but I feel that there is not a single place where we can find complete information, all the techniques of SQL injection with video demos. One of my friends has started creating a video series on this topic.
Link to part 1: http://www.securitytube.net/video/4171
Link to part 2: http://www.securitytube.net/video/4200
Link to part 3: http://www.securitytube.net/video/4208
Link to part 4: http://www.securitytube.net/video/4210
Link to part 5: http://www.securitytube.net/video/4269
Link to part 6: http://www.securitytube.net/video/4283
Link for test bed: https://github.com/Audi-1/sqli-labs
All of the above videos cover SQL injection in detail, with practicals.
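The mechanism described in the post above, as an added example that is not part of the original post or the linked videos: a form field pasted into the SQL text changes the statement itself, while a bound parameter is only ever compared as data. The table, rows, field value and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def build_query_concat(name, password):
    # Vulnerable pattern: form input becomes part of the SQL text,
    # so quotes inside the input can end the string literal early.
    return ("SELECT name FROM users WHERE name = '" + name +
            "' AND password = '" + password + "'")


def login_concat(conn, name, password):
    """Run the concatenated query and return the matching user names."""
    return [row[0] for row in conn.execute(build_query_concat(name, password))]


def login_bound(conn, name, password):
    # Hardened pattern: the SQL text is fixed and the driver binds the
    # values, so input is never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


if __name__ == "__main__":
    conn = make_db()
    field = "' OR '1'='1"  # constructed form input containing SQL fragments
    print("statement sent :", build_query_concat("alice", field))
    print("concatenated   :", login_concat(conn, "alice", field))
    print("bound parameter:", login_bound(conn, "alice", field))
    print("valid login    :", login_bound(conn, "alice", "s3cret"))
```

The concatenated form also fails on harmless input such as a name containing an apostrophe, which is often the first visible sign of the flaw in application error logs.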
-
Better to learn SQL before you learn to inject it... otherwise you are just a script kiddie.
-
Better to learn SQL before you learn to inject it... otherwise you are just a script kiddie.
lol, agreed
Though basic SQL is not worth 2 days of practice... the advanced parts such as functions are a bit tricky.
-
lol, agreed
Though basic SQL is not worth 2 days of practice... the advanced parts such as functions are a bit tricky.
Functions only find a real meaning in T-SQL and T-SQL never comes in handy in SQLi.
Basic SQL is just SELECT, WHERE, DELETE, UPDATE, INSERT, ORDER BY, and some other queries.
I agree with Kulverstakus tho. The more SQL you know the more likely you're able to apply the exploit.