Thread replies: 24
Thread images: 2
Thread images: 2
Anonymous
SQL injection thread 2015-11-19 17:09:31 Post No. 51421886
[Report] Image search: [Google]
SQL injection thread 2015-11-19 17:09:31 Post No. 51421886
[Report] Image search: [Google]
File: SQL-Injection-Attack.jpg (20KB, 450x313px) Image search:
[Google]
20KB, 450x313px
SQL injection general
>post what programs do you use
>why do you do it?
>whats the craziest thing you did with it?
>>
>>51421886
>post what programs do you use
this isnt hackforums you fucking skiddie
go write your own software
>>
>>51421886
prepared statements
/thread
>>
sqlmap, got shell
now fuck off
>>
IS THIS HOW 2 HACK SITES??? LINK TO A TUTORIAL PLEASE GUYS!!!
>>
>>51422737
GUYS I DOWNLOADED LOIC (nvr 4get XDDD) AND ENTERED MICROSOFT.COM AND THEN WENT TO GOOGLE CHROME AND IT WOULDN'T LOAD.
DONT MESS WITH ME GUYS I TOOK DOWN MICROSOFT XDDDDDDDDDDDDD
>>
>tfw PHP usage in the web is going down
>SQL injections no longer work because good languages (not PHP) and frameworks make it very difficult for developers to make mistakes
Fuck this gay earth.
>>
>>51421886
>programs
If i ever need to do something like that i would do it manually or write my own
>>
I use sqli dumper v7, whitch is the only one i know btw
>>
>>51421886
>Find old version of PHP-CMS running
Huh
>Create account, go into settings of account
>Yes my name is ',admin=true --
>Oh look a new link called Administrator Dashboard
>upload php script running system("nc -lp 6666 -e bash")
lel
>oh cool this server allows compiling as www-data user
*big grin*
>uname -a
hm, outdated kernel
>find old root exploit on shitty website
>compile & run
>root@somehost:~ #
well...
>20+ websites on this thing...
>left a txt file in /root/ with instructions to update system
>disconnected.
i was young.
>>
>>51424740
did you double compile too?
>>
>>51425012
>double compile.
you think i'ma pleb?
of course i compiled quadruple. on a phone, my laptop and on their host and the cia mainframe.
hue hue hue
>>
>>51421886
Software I've used successfully: SqlMap,BbqSql,Havij.
You really don't need that shit though if you have some free time, you can do it all manually.Cracking the hashes turns out to be the biggest obstacle in most cases.
>>
>>51422785
>SQL injections no longer work
Ummm,this is still the number one risk these days.
>>
>>51421886
sqlmap desu
>>
>>51424740
>implying people are dumb enough to add admin rights to an "admin" variable
>>
>>51421886
Just write your own script in 5-10 minutes to check the whole site.
>>
>>514218' OR 1=1; --
haha nice try
>>
a few years ago I posted a full text backup of my sql database in a public pastebin.
Including passwords. I was dumb.
The pastebin still exists and I never got hacked tho
>>
>>51426083
I heard of some people running github crawlers in order to detect passwords in other people's code.
I doubt anyone bothers with pastebin though.
>>
how much is there to learn for SQL? seeing in this thread how easy it is to sql inject a website i guess ill learn it too
>>
>>51426751
you'll need great deal of knowledge, if you want to attempt sql injects.
>>
>>51426930
in other languages you mean?
>>
>>51426751
>>51426930
If you know how to make basic SQL queries, you can guess how SQL injection is used.
Just make a simple website with a database and try to secure input from forms etc and you will learn how it function from both sides.
Thread posts: 24
Thread images: 2
Thread images: 2