Hello everyone, can someone please tell me some basics. I have a site I need to hack! And it's sql vulnerable. So what I need is , how to get the table names. and how to select the users passwords or emails! I read the big tutorial , but it's in Russian , I can't understand Just give me some basic commands to execute , so I can at least get the username and password please. thanks a lot
http://translate.google.com/translate?u=http%3A%2F%2Finjection.rulezz.ru%2FMySQL-SQL-Injection.html&langpair=ru%7Cen&hl=en&ie=UTF8
google.com < sql injection on php On this site papers about sql on rus lang, but you can use translator.
SQL Injection: Are your Web Applications Vulnerable http://www.spidynamics.com/support/whitepapers/WhitepaperSQLInjection.pdf Blind SQL Injection: Are your Web Applications Vulnerable http://www.spidynamics.com/support/whitepapers/Blind_SQLInjection.pdf Advanced SQL Injection in SQL Server Applications http://www.nextgenss.com/papers/advanced_sql_injection.pdf More advanced SQL Injection http://www.nextgenss.com/papers/more_advanced_sql_injection.pdf Web Application Disassembly with ODBC Error Messages http://www.nextgenss.com/papers/webappdis.doc SQL Injection Walkthrough http://www.securiteam.com/securityreviews/5DP0N1P76E.html Blind SQL Injection http://www.imperva.com/application_defense_center/white_papers/blind_sql_server_injection.html SQL Injection Signatures Evasion http://www.imperva.com/application_defense_center/white_papers/ sql_injection_signatures_evasion.html Introduction to SQL Injection Attacks for Oracle Developers http://www.net-security.org/dl/articles/IntegrigyIntrotoSQLInjectionAttacks.pdf SQL Injection Cheat Sheet http://ferruh.mavituna.com/makale/sql-injection-cheatsheet/ Now go and learn
if u have mysql version less then 5, u should guess the names of tables and collumns, else u should find out them from the system tables
