Форум АНТИЧАТ

Форум АНТИЧАТ (https://forum.antichat.xyz/index.php)
-   Уязвимости (https://forum.antichat.xyz/forumdisplay.php?f=74)
-   -   need HELP. Please. SQL injection. (https://forum.antichat.xyz/showthread.php?t=50152)

canvasa 30.09.2007 00:57
need HELP. Please. SQL injection.
 
Hello everyone,
can someone please tell me some basics.
I have a site I need to hack! And it's sql vulnerable.
So what I need is , how to get the table names. and how to select the users passwords or emails! I read the big tutorial , but it's in Russian , I can't understand :(
Just give me some basic commands to execute , so I can at least get the username and password please.
thanks a lot

limpompo 30.09.2007 01:02
http://www.sitepoint.com/article/sql-injection-attacks-safe

Or google.com -> SQL injection

canvasa 30.09.2007 01:03
it is for .asp files. I need for php.
Please.

limpompo 30.09.2007 01:14
http://translate.google.com/translate?u=http%3A%2F%2Finjection.rulezz.ru%2FMyS QL-SQL-Injection.html&langpair=ru%7Cen&hl=en&ie=UTF8

guest3297 30.09.2007 01:15
google.com < sql injection on php
On this site papers about sql on rus lang, but you can use translator.

limpompo 30.09.2007 01:18
Цитата:
I read the big tutorial , but it's in Russian , I can't understand
+ http://translate.google.com
+ If web -> Translate a Web Page;
+ If Text -> Translate Text

Fugitif 30.09.2007 01:31
SQL Injection: Are your Web Applications Vulnerable
http://www.spidynamics.com/support/whitepapers/WhitepaperSQLInjection.pdf

Blind SQL Injection: Are your Web Applications Vulnerable
http://www.spidynamics.com/support/whitepapers/Blind_SQLInjection.pdf

Advanced SQL Injection in SQL Server Applications
http://www.nextgenss.com/papers/advanced_sql_injection.pdf

More advanced SQL Injection
http://www.nextgenss.com/papers/more_advanced_sql_injection.pdf

Web Application Disassembly with ODBC Error Messages
http://www.nextgenss.com/papers/webappdis.doc

SQL Injection Walkthrough
http://www.securiteam.com/securityreviews/5DP0N1P76E.html

Blind SQL Injection
http://www.imperva.com/application_defense_center/white_papers/blind_sql_server_injection.html

SQL Injection Signatures Evasion
http://www.imperva.com/application_defense_center/white_papers/ sql_injection_signatures_evasion.html

Introduction to SQL Injection Attacks for Oracle Developers
http://www.net-security.org/dl/articles/IntegrigyIntrotoSQLInjectionAttacks.pdf

SQL Injection Cheat Sheet
http://ferruh.mavituna.com/makale/sql-injection-cheatsheet/


Now go and learn :)

guest3297 30.09.2007 01:40
Antichat we shall not win the rest a mouth we shall give.

blackybr 30.09.2007 09:14
Цитата:
ok I read some papers. Thank you. But still , it don't says how to select database names and columns. And how to select passwords. I really need this. Please help!
if u have mysql version less then 5, u should guess the names of tables and collumns, else u should find out them from the system tables

canvasa 30.09.2007 20:08
Thanks man! I see some tutorials on video.antichat.ru , and they helped me! :)


Время: 11:21