Page 1 of 1
SQL Injection, please help me xD
Posted: Thu Jul 16, 2009 1:12 pm
by Liidian
I have never worked with SQL injection before and now i wonder.. how it works? where can isnert
script.php?id=-1 union all select 1,2,3,4,5,group_concat(admin_name,0x3a,admin_pass),7,8,9,10 from admin_users--
for example?
Posted: Tue Jul 21, 2009 5:31 am
by koolpop0
what i learned is
hi' OR 1=1--
unlikely it will work on most sites...
i didn't study this enough yet
Posted: Tue Jul 21, 2009 5:34 am
by plope0726
koolpop0 wrote:what i learned is
hi' OR 1=1--
unlikely it will work on most sites...
i didn't study this enough yet
Most sites are protected from this sort of SQL injection. It's such and old vulnerability that it practically doesn't exist. That's not to say some sites aren't still vulnerable, but this basic SQL attack is almost obsolete. It takes a bit more thought than this now.