Author Topic: SQL Injection help (Read 2724 times)

Magus · « **on:** December 17, 2011, 10:07:06 pm »

I am very new to all this and would like to start learning how to use SQL Injection and would like to know how about doing things or where to proper learn how to do this without reading even more things that I don't understand. I tried watching and video http://www.youtube.com/watch?v=JqzWPLq7bJY but not sure if this is quite pointless or not but it seems as so. But help would be greatly appreciated. I am also wondering if this is the proper techniques on how to retrieve passwords from websites for purposes of retrieving lost passwords. Thank you.

ande · « **Reply #1 on:** December 17, 2011, 10:10:41 pm »

If you would have cared to use the search function or simply visit the tutorial section you would have found this:

http://evilzone.org/tutorials/sql-injection/

Magus · « **Reply #2 on:** December 17, 2011, 11:04:41 pm »

I read all of it down to 1.4 due to the fact that the html ends with a .php such as http://www.interpals.net/login.php and clicked all around to find an id= but could not. I may sound stupid for saying this but I am just wanting to learn even it does sound that way because some times you just have to go in head first. But I was wondering if this is till SQL injectable and not the others that you listed like RFI or LFI. Help and input would be greatly appreciated.

ande · « **Reply #3 on:** December 17, 2011, 11:20:23 pm »

Quote from: Magus on December 17, 2011, 11:04:41 pm

I read all of it down to 1.4 due to the fact that the html ends with a .php such as http://www.interpals.net/login.php and clicked all around to find an id= but could not. I may sound stupid for saying this but I am just wanting to learn even it does sound that way because some times you just have to go in head first. But I was wondering if this is till SQL injectable and not the others that you listed like RFI or LFI. Help and input would be greatly appreciated.

You can look for more than id=, any argument will do. And yes, it can still be vulnerable to SQL injection even tho no result is found by following that tutorial. There are a variety of other ways a page can be vulnerable to SQL injection. Among them is POST arguments and other HTTP header fields. But that is slightly more advance.

EDIT: Also, the file extensions doesn't have to be .php, can be anything.

Magus · « **Reply #4 on:** December 17, 2011, 11:25:06 pm »

What would you suggest I do for that particular website: http://www.interpals.net/login.php what would you suggest so I can further myself into your tutorial because I have no idea how to find the columns because when i start trying to find columns or anything else it bring me to http://www.interpals.net/error.php and just pops up that this user does not exist, any suggestions?

ande · « **Reply #5 on:** December 17, 2011, 11:48:08 pm »

Quote from: Magus on December 17, 2011, 11:25:06 pm

What would you suggest I do for that particular website: http://www.interpals.net/login.php what would you suggest so I can further myself into your tutorial because I have no idea how to find the columns because when i start trying to find columns or anything else it bring me to http://www.interpals.net/error.php and just pops up that this user does not exist, any suggestions?

Cant help ya there.

Magus · « **Reply #6 on:** December 17, 2011, 11:50:17 pm »

So there's nothing you could possibly lead me to in order to begin retrieving the columns?

EvilZone

News:

Author Topic: SQL Injection help (Read 2724 times)

Magus

SQL Injection help

ande

Re: SQL Injection help

Magus

Re: SQL Injection help

ande

Re: SQL Injection help

Magus

Re: SQL Injection help

ande

Re: SQL Injection help

Magus

Re: SQL Injection help