Critical Security.NET: Basics Of Sql-injections. - Critical Security.NET


Basics Of Sql-injections.

#21 Guest_sidyom_*

  • Group: Guests

Posted 29 October 2006 - 11:02 PM

Quote

at least that's how I think it works.

Guess I was wrong. Sorry 'bout that, determined06.
And thanks for that article. I'm reading it now. :P

#22 Ned

  • Posting Superpower
  • Group: Members
  • Posts: 1,052
  • Joined: 06-October 05
  • Gender:Male

Posted 29 October 2006 - 11:08 PM

PHPhreak, on Oct 29 2006, 09:53 PM, said:

Confuse is a bad word. It's not like you're just doing random shit until the server times out (that's a buffer overflow I think), you're trying to give it very precise commands.

Buffer-overflows would indeed be closer in definition to what sidyom described than SQL injections, though they don't involve just "random shit", but rather the input of a large amount of data in order to overflow the buffer that is allocated to contain the input. Exploiting such a weakness is a whole different area though.

This post has been edited by Ned: 29 October 2006 - 11:09 PM

0

#23 BlessTheFall

  • Critical Member
  • Group: Members
  • Posts: 102
  • Joined: 04-December 06
  • Location:NY

Posted 14 March 2007 - 03:14 AM

This is really helpful, thanks a lot man.
0

#24 LocalScriptE

  • Member
  • Group: Members
  • Posts: 30
  • Joined: 21-March 07

Posted 14 April 2007 - 05:47 AM

Wait.. I was just playing around with this.. (Scared to go any further, don't wanna break the law)
But if I got
No valued HOST entry found

ADODB.Recordset error '800a0bcd'

Either BOF or EOF is True, or the current record has been deleted. Requested operation requires a current record.

/toas/toas_login2.asp, line 274

From using 1=1, did something work? Is this exploitable?
0

#25 ColdCore

  • Regular Member
  • Group: Members
  • Posts: 79
  • Joined: 07-March 07
  • Gender:Male
  • Location:Behind My PC

Posted 14 April 2007 - 11:19 AM

Ok, so I'm trying to get an error:

The site I use: www.asasasasa.com/index.asp

Then I put this: www.asasasasa.com/index.asp?motoID=30+PRIN

It doesn't do anything! It just remains at the same page...
What am I doing wrong?

(Btw, the site doesn't have a login page)

This post has been edited by ColdCore: 14 April 2007 - 11:23 AM

0

#26 animedude123

  • Regular Member
  • Group: Members
  • Posts: 97
  • Joined: 13-February 07

Posted 16 June 2007 - 11:49 PM

So you said to log in as admin you enter Username: admin'-- First off, where do you enter that? Do you just add that to the end of the URL address? Second, I know it's not that easy. I know you can't just add that and get access to admin privileges. You talk about looking for an error msg? When I add that coding to the URL (supposing that's where you're supposed to put it) nothing happens... It just ignores it and acts like it was never even typed there... So how do you get it so it gives you an error msg? Then the error msg is supposed to say something about the group table it's in or something like that, right? Am I completely off? I'm new to SQL injections...
0

#27 Guest_vibol86_*

  • Group: Guests

Posted 15 August 2007 - 06:15 AM

Old stuff again, to clarify: " -- " and " # " are used as comments, right?

But why can't I use it to comment out the query in all the query strings when I apply SQL injection?

But I can use " ' " to see the error message. Can anyone help? It's been months that I've tried to find the issue. HELP !!!!
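Added example, not part of any post in this thread: posts #26 and #27 ask about the `admin'--` login string and the `--` comment marker. The Python/sqlite3 sketch below shows why that input only has an effect when the query is built by string concatenation, and how a parameterized query treats it as plain data. The table, account and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: in-memory table with one account.
    # Plaintext password only to keep the sample short; store hashes in practice.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def login_concat(db, name, password):
    # Vulnerable pattern: input is pasted into the SQL text, so a quote in
    # `name` closes the string literal and `--` comments out the password test.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        # A stray quote makes the statement invalid. Fail closed and log
        # server-side; never echo the database error back to the client.
        return False

def login_param(db, name, password):
    # Hardened pattern: placeholders keep input out of the SQL grammar, so
    # quotes and comment markers are compared as ordinary characters.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    for name in ("admin'--", "'", "admin"):
        print(repr(name),
              "concat:", login_concat(db, name, "x"),
              "param:", login_param(db, name, "x"))
```

Comment syntax is dialect-dependent (`--` is widely supported, `#` is MySQL-specific), which is one more reason to rely on parameter binding rather than on filtering particular characters.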

#28 Hubahubajuba

  • Member
  • Group: Members
  • Posts: 18
  • Joined: 16-August 07

Posted 21 August 2007 - 05:23 PM

Why do I keep getting "This page cannot be found" page.. What am I doin wrong?
0

#29 Guest_Tomatonator_*

  • Group: Guests

Posted 21 August 2007 - 10:09 PM

This is the stupidest question of all time:

Hubahubajuba, on Aug 21 2007, 12:23 PM, said:

Why do I keep getting "This page cannot be found" page.. What am I doin wrong?

I think I'll make it my sig. since I've never laughed so hard. I know there's a lot of stupid wannabe hackers, but that guy tops them all.

#30 fourthdimension

  • Regular Member
  • Group: Members
  • Posts: 54
  • Joined: 06-September 07

Posted 03 October 2007 - 03:48 AM

Reread the tutorial. Sounds like you're injecting the code into the wrong place.

This post has been edited by fourthdimension: 03 October 2007 - 03:49 AM

0

#31 Guest_dadeadman_*

  • Group: Guests

Posted 18 October 2007 - 02:13 PM

What if the form adds in a \ before or after my ', how do I inject SQL then?

#32 Rush

  • Member
  • Group: Members
  • Posts: 16
  • Joined: 01-April 08

Posted 01 April 2008 - 02:48 AM

Very nice post. Much learned.
0
