SQL injections

jak · 02-02-2010

i was doin a small research over the internet about SQL injections since im building a website and i want it to be safe against any kind of hacks. Actually some of u know already about this subject so im here just for some extra info and for the ones that have no idea about it well its kinda interesting!!
As u know behind most of the websites there is a database. This database can be accessed through SQL injections sometimes if the site is vulnerable. Simple injections are done through text inputs, mainly when it comes to login to an account:
The thing is to put ’ OR 1=1-- as a username. the SQL statement will be as followed: SELECT * FROM customers WHERE name = ‘’ OR 1=1--’ AND password = ‘’ we are giving an empty username but we are telling him not to use the username because we have a true statement which is 1=1. so you have to select all rows from the customers table. Well this trick doesn't work on most of the websites so don't bother to try, it was just an info

so any other ways that anyone knows about hacking a website through SQL injections?

RUSSIAN · 02-02-2010

Quote:

Originally Posted by jak

i was doin a small research over the internet about SQL injections since im building a website and i want it to be safe against any kind of hacks.

Such site can't be built.

jak · 02-02-2010

of course it can't but im doing my best to get all necessary data about the most used techniques and i will try to do my best to make the website as immune as possible

**Google** · 02-02-2010

I can help you with the penetration testing when the website is done.

jak · 02-03-2010

Quote:

Originally Posted by Google

I can help you with the penetration testing when the website is done.

Thanks but first i need the techniques to be able to know how a hacker thinks when hes working on a website so i can be able to build a vulnerable one. so if u know any techniques it would be great to tell us about it.
if u want i can pm you my personal email if u dont want to post it to the public.

**Google** · 02-03-2010

Techniques are many. I won't post here vulnerable websites to show you samples, but if you want, add me. My IM is in my profile.

02-02-2010	#1
jak Registered Member Last Online: 12-11-2011 Join Date: Dec 2006 Posts: 946 Thanks: 388 Thanked 601 Times in 294 Posts Groans: 4 Groaned at 3 Times in 3 Posts	SQL injections i was doin a small research over the internet about SQL injections since im building a website and i want it to be safe against any kind of hacks. Actually some of u know already about this subject so im here just for some extra info and for the ones that have no idea about it well its kinda interesting!! As u know behind most of the websites there is a database. This database can be accessed through SQL injections sometimes if the site is vulnerable. Simple injections are done through text inputs, mainly when it comes to login to an account: The thing is to put ’ OR 1=1-- as a username. the SQL statement will be as followed: SELECT * FROM customers WHERE name = ‘’ OR 1=1--’ AND password = ‘’ we are giving an empty username but we are telling him not to use the username because we have a true statement which is 1=1. so you have to select all rows from the customers table. Well this trick doesn't work on most of the websites so don't bother to try, it was just an info so any other ways that anyone knows about hacking a website through SQL injections?

02-02-2010	#4
Google Last Online: 05-30-2013 Join Date: Jan 2008 Posts: 1,788 Thanks: 10,018 Thanked 1,100 Times in 651 Posts Groans: 1 Groaned at 6 Times in 6 Posts	I can help you with the penetration testing when the website is done. __________________

02-03-2010	#6
Google Last Online: 05-30-2013 Join Date: Jan 2008 Posts: 1,788 Thanks: 10,018 Thanked 1,100 Times in 651 Posts Groans: 1 Groaned at 6 Times in 6 Posts	Techniques are many. I won't post here vulnerable websites to show you samples, but if you want, add me. My IM is in my profile. __________________

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)