1. Home >
  2. Apps >
  3. Groups >

SQL Injection

Question asked by PraveenKumar Purushothaman in #Coffee Room on Mar 7, 2011
PraveenKumar Purushothaman
Rank A1 - PRO
Many web developers are unaware of how SQL queries can be tampered with, and assume that an SQL query is a trusted command. It means that SQL queries are able to circumvent access controls, thereby bypassing standard authentication and authorization checks, and sometimes SQL queries even may allow access to host operating system level commands.

Direct SQL Command Injection is a technique where an attacker creates or alters existing SQL commands to expose hidden data, or to override valuable ones, or even to execute dangerous system level commands on the database host. This is accomplished by the application taking user input and combining it with static parameters to build an SQL query. The following examples are based on true stories, unfortunately.

Owing to the lack of input validation and connecting to the database on behalf of a superuser or the one who can create users, the attacker may create a superuser in your database.

More info: PHP: SQL Injection - Manual
Better Article: Understanding SQL Injection - Cisco Systems Posted in: #Coffee Room
slashfear
slashfear 路 Mar 7, 2011
Rank C1 - EXPERT
Hey buddy!!


Check out my video which illustrates the power of sql injection (done it when I free.....) : https://www.crazyengineers.com/forum...40062-slashfears-sql-injection-live-demo.html


-Arvind
PraveenKumar Purushothaman
Rank A1 - PRO
slashfear
Hey buddy!!


Check out my video which illustrates the power of sql injection (done it when I free.....) : https://www.crazyengineers.com/forum...40062-slashfears-sql-injection-live-demo.html


-Arvind
+100 Its an awesome cool video buddy... Hats off... 馃榾
slashfear
slashfear 路 Mar 8, 2011
Rank C1 - EXPERT
praveenscience
+100 Its an awesome cool video buddy... Hats off... 馃榾
Thanks Buddy!! 馃榿
PraveenKumar Purushothaman
Rank A1 - PRO
slashfear
Thanks Buddy!! 馃榿
Actually it deserves a lot!!! But, now-a-days, even trying harder, couldn't get any site hacked... Why so?
slashfear
slashfear 路 Mar 8, 2011
Rank C1 - EXPERT
praveenscience
Actually it deserves a lot!!! But, now-a-days, even trying harder, couldn't get any site hacked... Why so?
we can still hack websites but you have to know how to find the weakness of the website and the language used for creating the website.... Ok we are not going to go deep n this topic buddy I dont wanna turn this place as hacking tutorial.... Biggie will get mad i guess 馃槈

-Arvind
PraveenKumar Purushothaman
Rank A1 - PRO
slashfear
we can still hack websites but you have to know how to find the weakness of the website and the language used for creating the website.... Ok we are not going to go deep n this topic buddy I dont wanna turn this place as hacking tutorial.... Biggie will get mad i guess 馃槈

-Arvind
He he... 馃槢 Yeah, oki... Lets stop it here... 馃榾
Priya Vas
Priya Vas 路 Apr 22, 2011
Rank E2 - BEGINNER
The whole content copied form PHP: SQL Injection - Manual, stop copying
PraveenKumar Purushothaman
Rank A1 - PRO
Priya Vas
The whole content copied form PHP: SQL Injection - Manual, stop copying
I seriously don't understand, if you have read the whole content fully. If yes, you would have noticed that I gave a glance from that page and asked the users to read more at PHP: SQL Injection - Manual

You must log-in or sign-up to reply to this post.

Click to Log-In or Sign-Up