Hi, it's been two days I have been trying to get access using SQL injections... either in username/password fields ('z or 1=1 -- etc.) or URLs with .php etc., no luck. I did find 1-2 sites which showed that they were vulnerable (one was highly), still it led me nowhere... On one site I got that it had 11 columns (using the tuts given here http://www.go4expert.com/showthread.php?t=11841), then I did http://www.site.com/news.php?id=5 union all select 1,2,3,4,5,6,7,8,9,10,11/* and it showed the page normally... no numbers were shown... Then, still to take a chance, I replaced each column no. with unhex(hex(@@version)) hoping one of them might work and reveal the SQL version; all loaded normally.. no version..? What's wrong? Also many tuts say you can log in using z' or 1=1 -- or z' or 'x' = 'x etc. etc. etc. but I didn't find a single site where it worked... why? How do you know where it will work (without trying every possible combination)? Thanks... PS - is SQL hacking still vulnerable these days? 'Cause it didn't look like...
Did you read the VM I sent? I don't think SQL injection hacking is still useful today. Many websites seem to be smart enough to evade it.
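Why the login strings quoted in this thread usually do nothing, shown as an added example that is not part of any post: the same login check written once with string concatenation and once with bound parameters, run against a constructed in-memory SQLite database. The table contents and the function names `make_db`, `login_concat` and `login_bound` are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data: a single user in an in-memory database.
    # (A real application stores a salted password hash, not the password.)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return db

def login_concat(db, name, password):
    # Vulnerable pattern: user input becomes part of the SQL text, so a
    # quote character in the input ends the string literal early.
    sql = ("SELECT count(*) FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_bound(db, name, password):
    # Hardened pattern: the statement text is fixed and the input is sent
    # separately as bound values, so it is only ever compared as data.
    sql = "SELECT count(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone()[0] > 0

if __name__ == "__main__":
    db = make_db()
    quoted_in_thread = "z' or 1=1 --"
    print("concatenated query accepts it:", login_concat(db, quoted_in_thread, "x"))
    print("bound query accepts it:       ", login_bound(db, quoted_in_thread, "x"))
    print("bound query, real credentials:", login_bound(db, "alice", "s3cret"))
```

With bound parameters the string is looked up as a literal user name, no row matches, and the login is refused.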
Put the URL in here. Also let me know if it's a premade script like vBulletin, WordPress etc. or designed by the owner himself?
@indiansword here's the URL http://www.churchilltrust.com.au/content.php?id=54 Also, according to me, it has 11 columns, the table name is users, a password column exists, and it's MySQL version 4. Correct me if I am wrong. Please explain what strings you used to inject it. I saw many other vBulletins; do they have some other specific loopholes? How to check if they have? How to know if it's made by himself or using WordPress or something else? Thanks a ton.. PS - I don't have anything against this site, only to understand how SQL injection works...
@saswat yes I saw, I replied too I think. Well, I read one reply by someone somewhere that there are so many sites, there has to be quite a few still which are still vulnerable to SQL injection; people are still ignorant, thinking their site won't be hacked...... That gave me a boost, and I will find at least one site.