SQL Injection Walkthrough

Posted by Martin in Hacking  Tags: , , ,

16

May



You might already know what sql injection means, in case you did not i post the definition of wikipedia:

SQL injection is a security vulnerability that occurs in the database layer of an application. Its source is the incorrect escaping of dynamically-generated string literals embedded in SQL statements. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

What does it mean in plain english ? You try to utilise instances of a website that submits data to the webserver, this could be for example a login page, a form field or a comments form.

The article “SQL Injection Walkthrough” helps you identify vulnerable scripts and explains the methods to test, verify and exploit that vulnerability. After reading the article you will have a basic understanding of the technique, if you follow the links given at the end you will be able to read advanced topics on the subject.


Like such posts? Get updates via RSS NEWS FEED. Love Ghacks? Find out how you can help!

Spread The Article: Digg del.icio.us StumbleUpon Reddit Facebook Slashdot TwitThis YahooMyWeb Fark Mixx NewsVine

1 User Commented In This Post

Subscribe To This Post Comment Rss Or TrackBack URL
rudi says, May 24th, 2006   

is my web can be HACK if i send [' or "1"="1"--] srvr respond
Microsoft OLE DB Provider for ODBC Drivers error ‘80040e14′
[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near ‘1′.
/search.asp, line 166

but i try to insert many SQL INJECTION does not respond anything
please help me howto hack this !
thanks

Leave Your Comments Below
Hello, please leave your thought below

Please Note: Each comment will be manually approved by an admin. There is no guarantee that a comment will be posted. Please do not submit the comment multiple times.