Over the years, I've seen and read many tutorials on SQLI. Many of them were incomplete, many were wrong, and some were just crap. Out of all these tuts though, one really struck me as being the best. Since many posters on Totse keep asking about web hacking, and since SQLI is a pretty common vulnerability, although it can be very tedious to execute, I decided to post this tut. I hope all of you can benefit from it, and get to h4xx0r1n9 those sites.
Link:
http://docs.google.com/Doc?id=drcn3mc_2sdcg3q&hl=en
Comments
https://addons.mozilla.org/en-US/firefox/addon/6727/
It used to be pretty useful for basic pentesting, and it doesn't require much knowledge to use either.
Yeah, any automated tool is a plus. Manual SQL injection can be a long process.
This tutorial helped to recap the basics, thanks.
Agreed, Clover. I'm glad that this tut (unlike a lot of other ones) explains the reasoning behind SQLIs and how to inject on your own - which is a good thing to instill in new hackers, because no injection (or hack) is ever the same.