ThisisLegal.com

ThisisLegal Forums


#1 2008-03-17 06:00:54

sam207
Member
Registered: 2008-03-17
Posts: 90

SQL injection

I think I have found that one of my college's sites is vulnerable to SQL injection. I just want to know "is it just possible to know the database listing usernames and password?" Also the site does not use id=1 or something like that. But just page=ss or like that. I want to inform my college if there is any bug. So can anyone help me?


Offline due to lack of time...

Offline

#2 2008-03-17 07:10:07

t0mmy9
Administrator
Registered: 2005-01-07
Posts: 21

Re: SQL injection

Well, the first step is to find out the name of the database. The problem is a lot of it is guesswork really. Have you tried the common injections like

' or 1=1--

or just '

Get a list of common SQL injections off the internet. If that doesn't help, I'm adding to the SQL tutorial in the tutorials section now which I hope will

http://thisislegal.byethost13.com/sql.php


Site admin

Offline

#3 2008-03-19 07:44:44

sam207
Member
Registered: 2008-03-17
Posts: 90

Re: SQL injection

I have done that. The site does not filter any SQL command I give. Also it is not the site where log in is present. Just very simple site. Since it does not filter any SQL commands I think it is possible to alter the main page even. So can you give more ideas of altering main page where I could put the info about the security of their site. Thanks..


Offline due to lack of time...

Offline

#4 2008-03-20 05:37:35

sOwL
Member
Registered: 2007-09-16
Posts: 97

Re: SQL injection

You should just try out some common SQL queries and see what errors you get. But firstly, do you know what type of SQL the site is using? The most common is Microsoft's though. Also, you need to tell us what the prompt looks like: is it asking for both username and password? If it is, then it could be like this:

..WHERE 'username=<prompt>' AND 'password=<prompt>'...

So this could work:

..WHERE 'username=' OR '1=1' AND 'password=' OR '1=1'...

This ' OR '1=1 is a common SQL injection command. Now if this actually works, find yourself how SQL works so you can type commands that will open the database and give you the info you need (any command should work because the above case will be true no matter what). Hope that helped


withstupid

Offline
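For whoever maintains a site like the one discussed in this thread, here is an added example (not written by any poster here) of why the strings quoted above change a query's meaning and how bound parameters stop that. The table layout, function names and sample row are assumptions constructed for the demonstration, run against an in-memory SQLite database.

```python
import sqlite3


def make_db():
    # Constructed sample data; schema and values are assumptions for this demo.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'constructed-hash-1')")
    return db


def login_concat(db, username, password_hash):
    # 'Before' form: input is pasted into the SQL text, so a quote in the
    # input closes the string literal and the remainder is parsed as SQL.
    sql = ("SELECT COUNT(*) FROM users WHERE username='" + username +
           "' AND password_hash='" + password_hash + "'")
    return db.execute(sql).fetchone()[0] > 0


def login_param(db, username, password_hash):
    # Hardened form: the SQL text is fixed and the values are bound
    # separately, so they are only ever compared as data.
    sql = "SELECT COUNT(*) FROM users WHERE username=? AND password_hash=?"
    return db.execute(sql, (username, password_hash)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    quoted = "' or 1=1--"  # the string quoted earlier in this thread
    print("concatenated query accepts it:", login_concat(db, quoted, "x"))
    print("parameterized query accepts it:", login_param(db, quoted, "x"))
    print("valid login still works:",
          login_param(db, "alice", "constructed-hash-1"))
```

The same fix applies to a non-login parameter such as page=ss: bind it as a value, or map it against a fixed list of allowed page names, instead of building the query text from it.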

#5 2008-03-24 07:50:04

sam207
Member
Registered: 2008-03-17
Posts: 90

Re: SQL injection

Thanks sOwL for cool info. The site is run on Apache server and it's Linux based. And finally I have done some modifications over there with the notice but I could not go to direct database. I do not know why it was. Anyway it helped. And thanks. I think I will need no more help with this site. But thanks for cooperation..


Offline due to lack of time...

Offline
