slashfear's - sql injection live demo!!

@slashfear-tSWzpz • Oct 23, 2024

Oct 23, 2024

1.0K

Hi Guys,

NOTE: THIS IS FOR EDUCATION PURPOSE ONLY I WILL NOT TAKE ANY CLAIM FOR YOUR ACTIONS!!

Last time when i posted about sql injection it was theoretical ( and boring........ 😔) So this time you will see it practically in the video below enjoy.....!! by the way I was done with my project works and was really bored so thought of doing a website and injecting it so here are some technical details:

WEBSITE SCRIPTING LANGUAGE : PERL CGI
BACK-END DATABASE : MYSQL

This attack can be performed on any website which are prone to sql injection attack!! it can be any web technology as well as database. This is mysql so I will be using # to comment and in ORACLE or MSSQL or SYBASE etc... we have to use --

NOTE: This video shows you the power of sql injection what all can be done using it!! so if your a web developer please consider to prevent the sql injection attack!!

[video=vimeo;19800899]https://www.vimeo.com/19800899[/video]

Hope you enjoyed it!! if you have any doubts feel free to ask 😉

-Arvind

Like 0 Replies 9

Replies

Welcome, guest

Join CrazyEngineers to reply, ask questions, and participate in conversations.

CrazyEngineers powered by Jatra Community Platform

Kaustubh Katdare

@thebigk • Feb 10, 2011

Hats off 😀 Great job! 😀
Ankita Katdare

@abrakadabra • Feb 10, 2011

The live demo is superb. Nicely explained slashfear.
Thanks for sharing with us.
slashfear

@slashfear-tSWzpz • Feb 11, 2011

Thanks Biggie and abrakadabra 😉
silverscorpion

@silverscorpion-iJKtdQ • Feb 11, 2011

Nice demo..

When you give " x' or 1=1 # " in the username, how does it login to the user Mike? Can you explain what's going on inside?

Also, I think PHP doesn't support execution of more than one sql statements in a single line.. so, when you use union, isn't it equal to running two queries?
How is it allowed? (I hope PHP is behind this website and not some other language..)

Thanks!! 😀
slashfear

@slashfear-tSWzpz • Feb 12, 2011

silverscorpion
Nice demo..

When you give " x' or 1=1 # " in the username, how does it login to the user Mike? Can you explain what's going on inside?

Also, I think PHP doesn't support execution of more than one sql statements in a single line.. so, when you use union, isn't it equal to running two queries?
How is it allowed? (I hope PHP is behind this website and not some other language..)

Thanks!! 😀
when you give 'x or 1=1 # ' it will take you to the first user in the table, so in my my table the first user is mike!! so it takes me to his account, according to login validation if the user input is returns true it will take you to the home page. Since the condition x or 1=1 returns true in the first place it takes me in as the first user named mike.

And now for the second question...... PHP we can execute 2 sql query's or else how can we join two tables or use correlated subquery's in order to accomplish the desired output from two tables.

NOTE: In php by default it adds an escape sequence if there is a ' in the user query in order to inject in PHP pages we can use hexdecimal conversion that is hex value of '

-Arvind
Manish Goyal

@manish-r2Hoep • Feb 12, 2011

hey do you use backtrack in your system?
slashfear

@slashfear-tSWzpz • Feb 14, 2011

Hi Goyal,

Nope I use Fedora but I do use back track live disk often ....... to do some experiments 😀 I am planning to change my OS to backtrack I love it its so kool 😉

-Arvind
Manish Goyal

@manish-r2Hoep • Feb 14, 2011

slashfear
Hi Goyal,

Nope I use Fedora but I do use back track live disk often ....... to do some experiments 😀 I am planning to change my OS to backtrack I love it its so kool 😉

-Arvind
i know

i hope your experiments are for good purposes 😉
slashfear

@slashfear-tSWzpz • Feb 14, 2011

Yeap!!! off-course It is for good purpose buddy!! 😉

NOTE: GMAIL PHISHING LIVE DEMO COMING UP.........

-Arvind