Moonbat's Guide to SQL Injections
Ah, here we go.
[url]http://www.w*schools.com/sql/default.asp[/url]
You can learn all about SQL and what it's for there. I'm not going to try to explain all of that; this is only about injections.
------------------------------------------------
Now, suppose you are at a site called [url]www.candycanestotehmax.com[/url]. You have to login to this site to see the candy canes. The login page is like this:
[CODE]www.candycanestotehmax.com/login.php[/CODE]
Now you try logging in with a bogus name and password. The URL now becomes something like:
[CODE]www.candycanestotehmax.com/login.php?user=johnny&password=nicetry[/CODE]
You obviously weren't able to log in. But now you want to see if the login is vulnerable to SQL injection. Try playing around a bit with the URL.
[CODE]www.candycanestotehmax.com/login.php?user=a'&password=*=*[/CODE]
OR
[CODE]www.candycanestotehmax.com/login.php?user=*=*&password=*'[/CODE]
OR
Some other combination. There should be apostrophes and/or equals statements (*=*), because these tend to confuse servers.
Anyway, you should see some weird error. If you don't, don't fret, there could still be a vulnerability (known as Blind SQL Injection).
-----------------------------------------------
Well, now suppose you've found a vulnerability to SQL injections on candycanestotehmax.com. Break down the URL and convert it into SQL. When you see this URL:
[CODE]www.candycanestotehmax.com/login.php?user=johnny&password=nicetry[/CODE]
It's actually sending two SQL queries, one for a username match and one for a password match. It looks like this (let's assume the name of the table is "login"):
[CODE]SELECT username FROM login WHERE username='johnny'
SELECT password FROM login WHERE password='nicetry'[/CODE]
But there is no username johnny or password nicetry in the database, so you can't log in. But now you know a vital piece of info: the table "login" contains all the usernames and passwords. It would be nice if we could view this table.
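To show, from the defending side, why the apostrophe in the probe above produces that "weird error" and why a parameterized query makes the same input harmless, here is an added Python example. It is not code from the original post; the in-memory SQLite database and the "login" table layout are assumptions for the demo.

```python
import sqlite3


def setup_db():
    """Constructed sample database: a 'login' table like the tutorial assumes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE login (username TEXT, password TEXT)")
    conn.execute("INSERT INTO login VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def lookup_user_unsafe(conn, user):
    """Builds the username query by string concatenation, the way the
    tutorial describes the site doing it. The user's text becomes part
    of the SQL itself, so a stray apostrophe breaks the statement."""
    sql = f"SELECT username FROM login WHERE username='{user}'"
    return conn.execute(sql).fetchall()


def lookup_user_safe(conn, user):
    """Same lookup with a parameterized query. The driver passes the
    value separately from the SQL text, so an apostrophe is just data."""
    sql = "SELECT username FROM login WHERE username=?"
    return conn.execute(sql, (user,)).fetchall()


def unsafe_query_errors(conn, user):
    """True if the concatenated query is rejected by the SQL parser.
    That parse error is the 'weird error' the tutorial tells you to
    watch for; on a real site it should be logged and never shown."""
    try:
        lookup_user_unsafe(conn, user)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = setup_db()
    for probe in ("johnny", "a'"):
        print(probe, "-> unsafe errors:", unsafe_query_errors(db, probe),
              "| safe result:", lookup_user_safe(db, probe))
```

The concatenated version errors out on the input `a'` while the parameterized version simply reports no match, which is the difference between a login page that leaks its SQL and one that does not.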
------------------------------------------
So we find somewhere we can enter text. Sometimes this is the login field; other times you actually have to enter it in the URL, usually after the ? in a PHP page. But assume you have to enter it in the login. In the username field, enter a command so you can view the usernames in the table "login".
[CODE]SELECT username FROM login[/CODE]
This would display the list of usernames in the table login. You can go back and edit the injection so it shows you the passwords also.
------------------------------------------
Well, thanks for reading my tutorial, I hope you learned something :D
-Moonbat