SQL Injection help

  1. ArcticRed's Avatar
    • Exalted Member
    • Posts: 310
    SQL Injection help
    Hello guys,

    I was wondering if one of you guys here can help me with SQL injections because it has become necessary to learn it, e.g. what it is, what it's used for, how to use it etc.

    I'm sure many long thick books have been written on the subject, but please can someone kindly give me an introduction to SQL injections or point me to a website which gives me information on what it is and how to use it.

    Thank you in advance
  2. RipperRoo's Avatar
    • Benevolent Member
    • Location: Newcastle
    • Posts: 657
    Re: SQL Injection help
    This explains it pretty well, and includes examples: http://en.wikipedia.org/wiki/SQL_injection
  3. ch0llima's Avatar
    • Vengeful, Imperial Overlord of The Student Room
    • Posts: 4,485
    Re: SQL Injection help
    You shouldn't be doing that unless it's part of a legitimate penetration test.
  4. Adds's Avatar
    • Respected Member
    • Location: Cheshire
    • Posts: 155
    Re: SQL Injection help
    Whilst learning it is handy and can come in useful for testing a website's vulnerability (only if you have permission of course) you might also wanna check out havij. It's an injection tool; the free version is limited in some features but gets the job done in most cases once you've found a vulnerability.
  5. mfaxford's Avatar
    • Overlord in Training
    • Location: Southampton
    • Posts: 2,119
    Re: SQL Injection help
    (Original post by ArcticRed)
    Hello guys,

    I was wondering if one of you guys here can help me with SQL injections because it has become necessary to learn it, e.g. what it is, what it's used for, how to use it etc.
    It might help if you stated why you need to learn it as that would allow people to give you a more accurate answer.

    Simply put, SQL injection is about inserting SQL statements into a system where it shouldn't be possible to. In terms of coding something, the correct solution is to not trust data from any external source and take all precautions available to protect your software against it.
  6. ArcticRed's Avatar
    • Exalted Member
    • Posts: 310
    Re: SQL Injection help
    (Original post by ch0llima)
    You shouldn't be doing that unless it's part of a legitimate penetration test.
    I don't want to hack websites, I want to learn what it is. On the other hand, you saying I shouldn't be doing that is making me want to do it...
  7. jermaindefoe's Avatar
    • TSR Idol
    • Location: Blessington
    • Posts: 9,054
    Re: SQL Injection help
    an excellent example can be found here

    http://www.tizag.com/mysqlTutorial/m...-injection.php

    interesting to see that or 1 returns true for all results
  8. Fallen's Avatar
    • Overlord in Training
    Re: SQL Injection help
    (Original post by ArcticRed)
    I don't want to hack websites, I want to learn what it is. On the other hand, you saying I shouldn't be doing that is making me want to do it...
    I agree that you have every right to want to learn about SQL injection, but isn't this statement a bit puerile?
  9. Adds's Avatar
    • Respected Member
    • Location: Cheshire
    • Posts: 155
    Re: SQL Injection help
    just get your ass behind a vpn and get hacking. anyway, the odds of successfully injecting a website that's anywhere near important enough to get you v& or in any trouble is slim, but you do keep reading stories, latest one was the developer forum for nokia (think it was them) any site vulnerable to sqli isn't great for much more than teh lulz.
  10. ch0llima's Avatar
    • Vengeful, Imperial Overlord of The Student Room
    • Posts: 4,485
    Re: SQL Injection help
    (Original post by Adds)
    just get your ass behind a vpn and get hacking. anyway, the odds of successfully injecting a website that's anywhere near important enough to get you v& or in any trouble is slim, but you do keep reading stories, latest one was the developer forum for nokia (think it was them) any site vulnerable to sqli isn't great for much more than teh lulz.
    Have you been reading the news lately? Nobody is anonymous.

    Some offshore VPN services are honeypots operated by law enforcement and intelligence agencies.
  11. ArcticRed's Avatar
    • Exalted Member
    • Posts: 310
    Re: SQL Injection help
    (Original post by jermaindefoe)
    an excellent example can be found here

    http://www.tizag.com/mysqlTutorial/m...-injection.php

    interesting to see that or 1 returns true for all results
    Thank you, that help was invaluable and I learnt a lot.
  12. ArcticRed's Avatar
    • Exalted Member
    • Posts: 310
    Re: SQL Injection help
    (Original post by Fallen)
    I agree that you have every right to want to learn about SQL injection, but isn't this statement a bit puerile?
    Sorry, just trying to make a hilarious joke, I guess it didn't work.
  13. NutterFrutter's Avatar
    • Banned
    • Posts: 4,631
    Re: SQL Injection help
    mysql_real_escape_string to secure strings.

    abs and intval will suffice to secure numbered inputs.

    (Assuming the language is PHP.)
  14. Fallen's Avatar
    • Overlord in Training
    Re: SQL Injection help
    (Original post by ArcticRed)
    Sorry, just trying to make a hilarious joke, I guess it didn't work.
    Oh, sorry then.
  15. Katene's Avatar
    • New Member
    • Posts: 5
    Re: SQL Injection help
    Oh, I remember the days of searching ".asx" in Google to see if I could inject any of the pages. To no avail.
  16. terchi's Avatar
    • New Member
    • Posts: 5
    Re: SQL Injection help
    Knowing the industry security standard we have now, I do not think you could perform an sql injection anymore unless what you are penetrating is something written in the middle ages, or something working around that schematic.

    Though I have to agree that you should stay away from it unless you are doing an acid test on some web site you are hired for.
  17. j.smith1981's Avatar
    • Full Member
    • Location: UK
    • Posts: 101
    Re: SQL Injection help
    (Original post by ch0llima)
    You shouldn't be doing that unless it's part of a legitimate penetration test.
    In the industry that's a fair point; it's called ethical hacking. There's a certain reason as to why a lot of people in companies do this as part of larger penetration testing, usually amounting to a few £1,000s' worth of expenditure; it's not cheap! Hence why not a lot of people give out information on such a niche market for income.

    But SQL injection is only a very, very, very small part of penetration testing.

    There is a suite of utils you can pay for, but it's not meant for commercial use if not paid for, called Nessus I think it is. I use it at work for the projects within the company, but obviously on a licence, and free at home for my own example project work.

    Companies like Sysnet are the companies that do professional penetration testing (or Pen test as it's best called since it just sounds dirty if you say the full word lol).

    All SQL injection actually is, is being able to say you were the developer at a company and they have not updated your SQL to prevent SQL injection and you did this on purpose, you wanted to get a list of all the company's suppliers and they're all on this web accessible website you made, so what do you do?

    Use certain syntax in the query text boxes to select * (* being the name for all fields) from the suppliers database, gaining access to information the query you set up should prevent against, using things like inverted commas (') or SELECT statements with syntax to be able to gain access to this information. When you send in commands to an SQL server though, like mysql_real_escape_string in PHP, if you have an entry for a blog, say 'My User's' < double inverted commas, after mysql_real_escape_string() has been used it would come out with the following: 'My User\'s', escaping the first character, but on a larger scale it sends in the details of your query as pure text, not a command, so any DROP or DELETE commands simply would turn out to be SELECT statements, so SELECT DELETE tablename wouldn't work lol.

    That's how you prevent against SQL injection in PHP, there's other ones available to other languages I suppose though.

    (Original post by NutterFrutter)
    mysql_real_escape_string to secure strings.

    abs and intval will suffice to secure numbered inputs.

    (Assuming the language is PHP.)
    Or just use is_numeric if it's user entered data, or else why would you be doing SQL injection prevention methods?

    If it's meant to be a whole number, for example, I would cast the variable to an integer, then check the cast integer against the original value of the user's entry; if they don't match, throw back an error or assume what the user has put (I tend to stay away from that). There's a good example on my blog which I need to finish off soonish lol.
    Last edited by j.smith1981; 05-09-2011 at 14:27.
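
The input handling discussed in posts 13 and 17, as an added example that is not part of any post in the thread: a concatenated query beside a bound-parameter one, and the cast-and-compare whole-number check compared with intval and is_numeric. It uses PDO with an in-memory SQLite database because the mysql_* functions named above were removed in PHP 7; the suppliers table, its rows, the sample inputs and the helper names are constructed for illustration.

```php
<?php
// Added example, not code from the thread. All data below is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE suppliers (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO suppliers (name) VALUES ('Acme'), ('My User''s'), ('Globex')");

// "Before": the input is pasted into the SQL text, so the database parses it as SQL.
function find_concat(PDO $db, string $name): array {
    $sql = "SELECT name FROM suppliers WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// "After": the SQL text is fixed and the value is bound to a placeholder,
// so it can only ever be compared as data.
function find_bound(PDO $db, string $name): array {
    $stmt = $db->prepare("SELECT name FROM suppliers WHERE name = :name");
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Cast-and-compare check for whole numbers, as described in post 17:
// accept the input only if its integer cast round-trips to the same text.
function strict_int(string $raw): ?int {
    $n = (int) $raw;
    return ((string) $n === $raw) ? $n : null;
}

$input = "x' OR '1'='1";   // constructed input of the "or 1" kind from post 7
printf("concatenated: %d rows\n", count(find_concat($db, $input)));
printf("bound:        %d rows\n", count(find_bound($db, $input)));
// An apostrophe in legitimate data needs no manual escaping when bound.
printf("bound lookup: %s\n", implode(', ', find_bound($db, "My User's")));

// Compare the three numeric checks on the same constructed inputs.
foreach (['42', '42 OR 1', '1e3', ' 7', '-5'] as $raw) {
    printf("%-10s intval=%-5d is_numeric=%-6s strict_int=%s\n",
        "'$raw'",
        intval($raw),
        var_export(is_numeric($raw), true),
        var_export(strict_int($raw), true));
}
```

Running it shows where intval silently truncates input with trailing text and where is_numeric accepts forms that are not plain whole numbers, while the round-trip check rejects both.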
  18. estel's Avatar
    • TSR Idol
    • Location: Bristol
    • Posts: 9,352
    Re: SQL Injection help
    (Original post by terchi)
    Knowing the industry security standard we have now, I do not think you could perform an sql injection anymore unless what you are penetrating is something written in the middle ages, or something working around that schematic.

    Though I have to agree that you should stay away from it unless you are doing an acid test on some web site you are hired for.
    Ahahaha.

    Sadly, there are a lot of terrible developers out there, and security is massively massively hard: even some of the best developers will have significant security vulnerabilities in their software.

    In the Web Application Hacker's Handbook, the authors discuss their research into "hundreds" of web applications conducted 2006-2007 (so still somewhat out of date, but not irrelevantly so). They found vulnerabilities in the following proportions (of all sites):
    * Broken Authentication 67%
    * Broken access controls 78%
    * SQL injection 36%
    * Cross site scripting 91%
    * Information leakage 81%
    If you can provide more recent figures, I'd be interested in hearing them.
  19. Chrosson's Avatar
    • PS Helper
    • Vengeful, Imperial Overlord of The Student Room
    • Posts: 4,186
    Re: SQL Injection help
    (Original post by estel)
    Ahahaha.

    Sadly, there are a lot of terrible developers out there, and security is massively massively hard: even some of the best developers will have significant security vulnerabilities in their software.

    In the Web Application Hacker's Handbook, the authors discuss their research into "hundreds" of web applications conducted 2006-2007 (so still somewhat out of date, but not irrelevantly so). They found vulnerabilities in the following proportions (of all sites):

    If you can provide more recent figures, I'd be interested in hearing them.
    Interesting statistics, but ultimately not a very good indicator of vulnerability.

    As an example, if you were being anal about security your username/password form should have the same message for an invalid username as an invalid password. Does that count as broken authentication? It probably does count as information leakage. But so is storing usernames and passwords in a publicly accessible text file on the server. One is somewhat more serious than the other.

    I'd be more interested in what the vulnerabilities allowed you to do, instead of giving the type of vulnerability (although there is a correlation...).
    Last edited by Chrosson; 09-09-2011 at 01:32.