Author Topic: SQL Injection help  (Read 2725 times)

0 Members and 3 Guests are viewing this topic.

Offline Magus

  • /dev/null
  • *
  • Posts: 6
  • Cookies: 0
    • View Profile
SQL Injection help
« on: December 17, 2011, 10:07:06 pm »
I am very new to all this and would like to start learning how to use SQL Injection and would like to know how about doing things or where to proper learn how to do this without reading even more things that I don't understand. I tried watching and video  http://www.youtube.com/watch?v=JqzWPLq7bJY but not sure if this is quite pointless or not but it seems as so. But help would be greatly appreciated. I am also wondering if this is the proper techniques on how to retrieve passwords from websites for purposes of retrieving lost passwords. Thank you.

Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
    • View Profile
Re: SQL Injection help
« Reply #1 on: December 17, 2011, 10:10:41 pm »
If you would have cared to use the search function or simply visit the tutorial section you would have found this:

http://evilzone.org/tutorials/sql-injection/
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline Magus

  • /dev/null
  • *
  • Posts: 6
  • Cookies: 0
    • View Profile
Re: SQL Injection help
« Reply #2 on: December 17, 2011, 11:04:41 pm »
I read all of it down to 1.4 due to the fact that the html ends with a .php such as  http://www.interpals.net/login.php and clicked all around to find an id= but could not. I may sound stupid for saying this but I am just wanting to learn even it does sound that way because some times you just have to go in head first. But I was wondering if this is till SQL injectable and not the others that you listed like RFI or LFI. Help and input would be greatly appreciated.
« Last Edit: December 17, 2011, 11:11:56 pm by Magus »

Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
    • View Profile
Re: SQL Injection help
« Reply #3 on: December 17, 2011, 11:20:23 pm »
I read all of it down to 1.4 due to the fact that the html ends with a .php such as  http://www.interpals.net/login.php and clicked all around to find an id= but could not. I may sound stupid for saying this but I am just wanting to learn even it does sound that way because some times you just have to go in head first. But I was wondering if this is till SQL injectable and not the others that you listed like RFI or LFI. Help and input would be greatly appreciated.

You can look for more than id=, any argument will do. And yes, it can still be vulnerable to SQL injection even tho no result is found by following that tutorial. There are a variety of other ways a page can be vulnerable to SQL injection. Among them is POST arguments and other HTTP header fields. But that is slightly more advance.

EDIT: Also, the file extensions doesn't have to be .php, can be anything.
« Last Edit: December 17, 2011, 11:21:37 pm by ande »
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline Magus

  • /dev/null
  • *
  • Posts: 6
  • Cookies: 0
    • View Profile
Re: SQL Injection help
« Reply #4 on: December 17, 2011, 11:25:06 pm »
What would you suggest I do for that particular website:  http://www.interpals.net/login.php what would you suggest so I can further myself into your tutorial because I have no idea how to find the columns because when i start trying to find columns or anything else it bring me to http://www.interpals.net/error.php and just pops up that this user does not exist, any suggestions?
« Last Edit: December 17, 2011, 11:30:23 pm by Magus »

Offline ande

  • Owner
  • Titan
  • *
  • Posts: 2664
  • Cookies: 256
    • View Profile
Re: SQL Injection help
« Reply #5 on: December 17, 2011, 11:48:08 pm »
What would you suggest I do for that particular website:  http://www.interpals.net/login.php what would you suggest so I can further myself into your tutorial because I have no idea how to find the columns because when i start trying to find columns or anything else it bring me to http://www.interpals.net/error.php and just pops up that this user does not exist, any suggestions?

Cant help ya there.
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true

Offline Magus

  • /dev/null
  • *
  • Posts: 6
  • Cookies: 0
    • View Profile
Re: SQL Injection help
« Reply #6 on: December 17, 2011, 11:50:17 pm »
So there's nothing you could possibly lead me to in order to begin retrieving the columns?