If you already know what SQL injections are and what they do, you may want to skip the first paragraph of this guide, as it brings everyone else up to speed. Wikipedia defines SQL injection in the following way: "SQL injection is a security vulnerability that occurs in the database layer of an application. Its source is the incorrect escaping of dynamically-generated string literals embedded in SQL statements. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another."
What does it mean in plain English? Attackers try to inject code into websites by finding loopholes in scripts that run on the site. This can be a form on the website or any other script running on it that is not properly protected from these kinds of injections.
The article "SQL Injection Walkthrough" helps you identify vulnerable scripts and explains the methods to test, verify and exploit those vulnerabilities. After reading the article you will have a basic understanding of the techniques used by attackers, and if you follow the links given at the end you can dive deeper into the topic.
The guide is divided into the following chapters:
Although the guide is an introduction to SQL injections, at least some programming experience is recommended, because code examples are used frequently to explain the concepts. It should not be too difficult to follow, but a basic understanding of SQL helps a lot.
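The "incorrect escaping of dynamically-generated string literals" from the definition above, shown as an added example that is not part of the original article or the walkthrough it links to: the same search written once with string concatenation and once with a bound parameter. The table, column and function names and all sample inputs are constructed for this illustration, and SQLite stands in for whatever database a real site uses.

```python
import sqlite3

def make_db():
    # Constructed sample data; the schema is an assumption for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, hidden INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [("widget", 0), ("gadget", 0), ("unreleased", 1)])
    return db

def search_concat(db, term):
    # Vulnerable: the input is pasted into the SQL text, so a quote
    # character in it ends the string literal and the rest is parsed as SQL.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name = '" + term + "'"
    return [row[0] for row in db.execute(sql)]

def search_param(db, term):
    # Hardened: the SQL text is fixed and the driver passes the input
    # separately as data, so it can never change the statement's structure.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name = ?"
    return [row[0] for row in db.execute(sql, (term,))]

def classify(db, search, term):
    """Return the matching names, or 'error' if the input broke the statement."""
    try:
        return search(db, term)
    except sqlite3.OperationalError:
        return "error"

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal term, a legitimate name containing an
    # apostrophe, and a tautology of the kind the definition describes.
    for term in ["widget", "O'Brien", "' OR '1'='1"]:
        print(repr(term))
        print("  concatenated :", classify(db, search_concat, term))
        print("  parameterized:", classify(db, search_param, term))
```

A database syntax error triggered by nothing more than an apostrophe in user input is the signal that a query is being assembled by concatenation and should be converted to bound parameters.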
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.
Can my website be hacked if I send [‘ or “1”=”1″–]? The server responds:
Microsoft OLE DB Provider for ODBC Drivers error ‘80040e14’
[Microsoft][ODBC SQL Server Driver][SQL Server]Line 1: Incorrect syntax near ‘1’.
/search.asp, line 166
But when I try to insert many SQL injections, it does not respond with anything.
Please help me with how to hack this!
Thanks