Ultimate SQL Injection Tutorial

v0xv0x Regular
edited July 2011 in Tech & Games
Over the years, I've seen and read many tutorials on SQLI. Many of them were incomplete, many were wrong, and some were just crap. Out of all these tuts though, one really struck me as being the best. Since many posters on Totse keep asking about web hacking, and since SQLI is a pretty common vulnerability, although it can be very tedious to execute, I decided to post this tut. I hope all of you can benefit from it, and get to h4xx0r1n9 those sites.

Link: http://docs.google.com/Doc?id=drcn3mc_2sdcg3q&hl=en

Comments

  • edited July 2010
    Awesome, thanks for this. Now reading!
  • AnonymousAnonymous Regular
    edited July 2010
    I don't know if this is useful anymore but I'm going to post it.
    https://addons.mozilla.org/en-US/firefox/addon/6727/

    It used to be pretty useful for basic pentesting, doesn't require much knowledge to use either.
  • v0xv0x Regular
    edited July 2010
    Anonymous wrote: »
    I don't know if this is useful anymore but I'm going to post it.
    https://addons.mozilla.org/en-US/firefox/addon/6727/

    It used to be pretty useful for basic pentesting, doesn't require much knowledge to use either.

    Yea, any automated tool is a plus. Manual SQL injection can be a long process.
  • CloverClover Acolyte
    edited July 2010
    Ultimate SQL Injection tutorial: LEarn SQL and learn PHP, then learn the basic concept and stop copying and pasting fucking injections like noobs :facepalm:.
  • Professor ElmProfessor Elm Regular
    edited July 2010
    I have some knowledge of SQL and PHP and am now trying to gain the password to my next door neighbours graphics site.

    This tutorial helped to recap the basics, thanks.
  • edited July 2010
    Disregard this post, it was dumb.
  • v0xv0x Regular
    edited July 2010
    Clover wrote: »
    Ultimate SQL Injection tutorial: LEarn SQL and learn PHP, then learn the basic concept and stop copying and pasting fucking injections like noobs :facepalm:.

    Agreed, Clover. I'm glad that this tut (unlike a lot of other ones) explains the reasoning behind SQLI's and how to inject on your own - which is a good thing to instill in new hackers, because no injection (or hack) is ever the same.
  • edited July 2011
    I've gotta say a huge thanks for this guide, v0x. After reading this, I can now confidently perform SQL injection and get a website to display exactly the right information I want it to :D This guide isn't skiddie material in the slightest, and when combined with the knowledge of SQL it becomes an extremely good guide. thanks again for posting it. I urge others to read through this and get to grips with SQLi, as it's good fun.
Sign In or Register to comment.