SQL Injection(In PHP) Vulnerability Check..help


Guest
Posted on 11-06-06 04:57
<I posted this but wonder where it goes :(, so I will post again>

I asked this question in j!nx but their members are too rude, so I have to seek help here :D Yes, I'm learning SQL injection but I have no intention to hack those big companies... just HYIP... if you know

I have read a lot on SQL injections on the net regarding ASP, but what I want to know is PHP; hope you people can help me answer my questions:

1) From the net, it seems that SQL injection is done by manipulating the URL or just putting some query in the field (e.g. login form). But I heard that there is a "MYSQL injections script"; is it possible to make one?

2) How to know if a site is vulnerable to SQL injections? Take this HYIP site as an example: http://www.egoldace.com (This is a future HYIP scam, and BTW I did not ask to hack, just check :))

Here is my sample HYIP site, try SQL injecting and tell me if it is possible:
http://kohkoh.freefronthost.com
RE: SQL Injection(In PHP) Vulnerability Check..help


Guest
Posted on 11-06-06 05:25
Those truly clear me up a bit :) So if, for instance, I put a ' in the username and anything in the password, and it doesn't give any error, the site is pretty safe and is called "Blind SQL injections".

So what can we do to update DB data? Below is the table (or, to be specific, 'egold_account' and 'deposit_total' are what I want to update):

CREATE TABLE `hm2_users` (
`id` bigint(20) NOT NULL auto_increment,
`name` varchar(200) default NULL,
`username` varchar(20) default NULL,
`password` varchar(50) default NULL,
`date_register` datetime default NULL,
`egold_account` bigint(20) NOT NULL default '0',
`email` varchar(200) default NULL,
`status` enum('on','off','suspended') default NULL,
`came_from` text NOT NULL,
`ref` bigint(20) NOT NULL default '0',
`deposit_total` float(10,2) NOT NULL default '0.00',
`confirm_string` varchar(200) NOT NULL default '',
`ip_reg` varchar(15) NOT NULL default '',
`last_access_time` datetime NOT NULL default '0000-00-00 00:00:00',
`last_access_ip` varchar(15) NOT NULL default '',
`stat_password` varchar(200) NOT NULL default '',
`auto_withdraw` int(11) NOT NULL default '1',
`user_auto_pay_earning` int(11) NOT NULL default '0',
`admin_auto_pay_earning` int(11) NOT NULL default '0',
`pswd` varchar(50) NOT NULL default '',
`evocash_account` bigint(20) NOT NULL default '0',
`intgold_account` bigint(20) NOT NULL default '0',
`hid` varchar(50) NOT NULL default '',
`l_e_t` datetime NOT NULL default '2004-01-01 00:00:00',
`activation_code` varchar(50) NOT NULL default '',
`bf_counter` tinyint(3) unsigned NOT NULL default '0',
`address` varchar(255) default NULL,
`city` varchar(255) default NULL,
`state` varchar(255) default NULL,
`zip` varchar(255) default NULL,
`country` varchar(255) default NULL,
`transaction_code` varchar(255) default NULL,
`stormpay_account` varchar(200) NOT NULL default '',
`ebullion_account` varchar(200) NOT NULL default '',
`paypal_account` varchar(200) NOT NULL default '',
`goldmoney_account` varchar(200) NOT NULL default '',
`eeecurrency_account` bigint(20) NOT NULL default '0',
`pecunix_account` bigint(20) NOT NULL default '0',
`ac` text NOT NULL,
PRIMARY KEY (`id`)
) AUTO_INCREMENT=3 ;