Hello everyone,
can someone please tell me some basics.
I have a site I need to hack! And it's sql vulnerable.
So what I need is , how to get the table names. and how to select the users passwords or emails! I read the big tutorial , but it's in Russian , I can't understand :(
Just give me some basic commands to execute , so I can at least get the username and password please.
thanks a lot

http://www.sitepoint.com/article/sql-injection-attacks-safe

Or google.com -> SQL injection

it is for .asp files. I need for php.
Please.

http://translate.google.com/translate?u=http%3A%2F%2Finjection.rulezz.ru%2FMyS QL-SQL-Injection.html&langpair=ru%7Cen&hl=en&ie=UTF8

google.com < sql injection on php
On this site papers about sql on rus lang, but you can use translator.

I read the big tutorial , but it's in Russian , I can't understand

+ http://translate.google.com
+ If web -> Translate a Web Page;
+ If Text -> Translate Text

SQL Injection: Are your Web Applications Vulnerable
http://www.spidynamics.com/support/whitepapers/WhitepaperSQLInjection.pdf

Blind SQL Injection: Are your Web Applications Vulnerable
http://www.spidynamics.com/support/whitepapers/Blind_SQLInjection.pdf

Advanced SQL Injection in SQL Server Applications
http://www.nextgenss.com/papers/advanced_sql_injection.pdf

More advanced SQL Injection
http://www.nextgenss.com/papers/more_advanced_sql_injection.pdf

Web Application Disassembly with ODBC Error Messages
http://www.nextgenss.com/papers/webappdis.doc

SQL Injection Walkthrough
http://www.securiteam.com/securityreviews/5DP0N1P76E.html

Blind SQL Injection
http://www.imperva.com/application_defense_center/white_papers/blind_sql_server_injection.html

SQL Injection Signatures Evasion
http://www.imperva.com/application_defense_center/white_papers/ sql_injection_signatures_evasion.html

Introduction to SQL Injection Attacks for Oracle Developers
http://www.net-security.org/dl/articles/IntegrigyIntrotoSQLInjectionAttacks.pdf

SQL Injection Cheat Sheet
http://ferruh.mavituna.com/makale/sql-injection-cheatsheet/


Now go and learn :)

Antichat we shall not win the rest a mouth we shall give.

ok I read some papers. Thank you. But still , it don't says how to select database names and columns. And how to select passwords. I really need this. Please help!


if u have mysql version less then 5, u should guess the names of tables and collumns, else u should find out them from the system tables

Thanks man! I see some tutorials on video.antichat.ru , and they helped me! :)