
SQL injections?


Thread replies: 11
Thread images: 1

Okay /g/.
Let's say, purely hypothetically of course, that someone found that by turning off javascript and then entering apostrophes in a search field on a site you could produce an error message.
What would be the easiest way to exploit this, if possible at all?
>>
by downloading all of their ram and using it for things like gifs and bandwidth aggregation. but you'd have to be super leet to really pull off something like that
>>
unless the site is ancient, its backend is using a prepared query. You're probably out of luck
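An added example, not part of the thread: why an apostrophe in a search field raises a database error when the query is built by string concatenation, and why a prepared query treats the same input as plain data. The `people` table, its rows, and all function names are constructed for this sketch, which uses Python's standard `sqlite3` module.

```python
import sqlite3

def make_db():
    # Constructed sample data; the table and rows are assumptions for this demo.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO people (name) VALUES (?)",
                   [("Alice Smith",), ("Pat O'Brien",), ("Bob Jones",)])
    return db

def search_concatenated(db, term):
    # Flawed pattern: the search term is pasted into the SQL text, so an
    # apostrophe ends the string literal early and the statement fails to parse.
    sql = "SELECT name FROM people WHERE name LIKE '%" + term + "%'"
    return [row[0] for row in db.execute(sql)]

def search_prepared(db, term):
    # Prepared query: the SQL text is fixed and the term is bound as data.
    # LIKE wildcards in the term are escaped so they match literally.
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT name FROM people WHERE name LIKE ? ESCAPE '\\'"
    return [row[0] for row in db.execute(sql, ("%" + escaped + "%",))]

def handle_search(db, term, search, server_log):
    # Database errors are logged server-side and never echoed to the client;
    # a spike of these for one endpoint is worth alerting on.
    try:
        return {"status": 200, "results": search(db, term)}
    except sqlite3.Error as exc:
        server_log.append(f"search failed: {type(exc).__name__}: {exc}")
        return {"status": 500, "results": [], "error": "internal error"}

if __name__ == "__main__":
    db, log = make_db(), []
    for fn in (search_concatenated, search_prepared):
        print(fn.__name__, handle_search(db, "O'Brien", fn, log))
    print(log)
```
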
>>
>>51485080
Yeah ok. Thing is, this someone really just wants to edit a record in one of their databases. It's a bit risky since this database also contains social security numbers. What are the odds of doing something like this unnoticed? Could the risk be worth it and how leet are we talking here?
>>
>>51485139
I doubt they'll notice it if they're retarded enough not to sanitize inputs in 2015.
>>
>>51485139
If the site and query being used are using outdated security (or none at all), this would be trivial to do.
However, chances are they are; and you will get caught.
>>
>>51485127
Well that's a bummer then :/
>>
>>51485063
just use sqlmap desu
>>
>>51485164
This is why I was really surprised to find this error.
>>51485166
Also this is what I feared. Perhaps it's not worth the risk if I even manage to pull it off. What's the worst thing that could happen? Prison?
>>
>>51485242
Depends on where you live and what data you could have accessed, but prison may be a possibility.
Unless you have a very good reason, or don't care, don't try anything. It's not worth it.
If you want to practice shit like this, there's plenty of online resources to do it legally.
>>
>>51485242
Just do it via Tor so it's not linked to your IP.

Whoever runs the Tor node at the end will just tell them to fuck off if you cycle circuits until you hit one in a good country.

