Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

SQL Injection(In PHP) Vulnerability Check..help

  1. Home
  2. Forum
  3. Web hacking
  4. SQL Injection(In PHP) Vulnerability Check..help

ghost's Avatar

ghost

0 0

<I posted this but wonder where it goes :|, so i will post again>

I asked this question in j!nx but their members are too rude, so i have too seek help here :D Yes, i'm learning sql injection but i have no intention to hack those big company…just HYIP…if you know

I have read alot on sql injections on the net regrding asp but what i want to know is php, hope you ppl can help me answer my questions:

  1. From the net, it seems that sql injections is done be manipulating the URL or just putting some query in the field (e.g login form). But i heard that there is "MYSQL injections script", is it possible to make one?

  2. How to know if a site is vulnerable to sql injections? Take this HYIP site as example: http://www.egoldace.com (This is a future HYIP scam, and BTW i did not ask to hack, jst chack :))

Here is my sample HYIP site, try sql injecting and tell me if it is possible: http://kohkoh.freefronthost.com


ghost's Avatar

ghost

0 0

Those truely clear me up abit :) So if for instance i put a ' in the username and anything in the password, if it don't give any error, the site is pretty safe and are called "Blind SQL injections".

So what can we do to update DB datas? Below is the table(ot to be specific 'egold_account' and 'deposit_total' i want to update):

CREATE TABLE hm2_users ( id bigint(20) NOT NULL auto_increment, name varchar(200) default NULL, username varchar(20) default NULL, password varchar(50) default NULL, date_register datetime default NULL, egold_account bigint(20) NOT NULL default '0', email varchar(200) default NULL, status enum('on','off','suspended') default NULL, came_from text NOT NULL, ref bigint(20) NOT NULL default '0', deposit_total float(10,2) NOT NULL default '0.00', confirm_string varchar(200) NOT NULL default '', ip_reg varchar(15) NOT NULL default '', last_access_time datetime NOT NULL default '0000-00-00 00:00:00', last_access_ip varchar(15) NOT NULL default '', stat_password varchar(200) NOT NULL default '', auto_withdraw int(11) NOT NULL default '1', user_auto_pay_earning int(11) NOT NULL default '0', admin_auto_pay_earning int(11) NOT NULL default '0', pswd varchar(50) NOT NULL default '', evocash_account bigint(20) NOT NULL default '0', intgold_account bigint(20) NOT NULL default '0', hid varchar(50) NOT NULL default '', l_e_t datetime NOT NULL default '2004-01-01 00:00:00', activation_code varchar(50) NOT NULL default '', bf_counter tinyint(3) unsigned NOT NULL default '0', address varchar(255) default NULL, city varchar(255) default NULL, state varchar(255) default NULL, zip varchar(255) default NULL, country varchar(255) default NULL, transaction_code varchar(255) default NULL, stormpay_account varchar(200) NOT NULL default '', ebullion_account varchar(200) NOT NULL default '', paypal_account varchar(200) NOT NULL default '', goldmoney_account varchar(200) NOT NULL default '', eeecurrency_account bigint(20) NOT NULL default '0', pecunix_account bigint(20) NOT NULL default '0', ac text NOT NULL, PRIMARY KEY (id) ) AUTO_INCREMENT=3 ;