sql injection

I know i sound like a complete douchebag, but when you inject sql,do you type in the address bar or the login/password box.I'm guessing the url box but i'm not 100%

it all matters on what your doing. trying to login as admin persay, youll need to do it thru login box.

trying to generate a list of all the passwords of members, you do it url etc.

i just wanna clarify something. when you do a sql injection like - or – do you type it into the user box and the pass box or just one of them?:ninja::vamp::wow::radio::love::matey::evil: testing out smileys lol.

sry bout double post.:ninja::ninja:

the place that you SQL inject depends on the type of data in the form.

if its using POST data on say a login form… then you inject in the form.

however its the page is using GET data, on say a.. shopping cart, then you inject in the URL.

basically you inject anywhere you can manipulate the data.

So were can i learn to do sql injections. is it a set list of commands used or is it diffrent for each site? Is there anyone on this site who can tech me or at least tell me were i can learn sql injections? Yes 3 questions in there. If you can answer anyof them please pm me, post here or add me to msn on dblencowe@googlemail.com

SQL injection is one tricky bitch to learn. lol.

and yes its usally different for each site (if your trying to extract data) however ifyour trying to bypass a login then usally you just use the one SQL injection that you usally do.

google for SQL injection and thers a fwe articles on it, and i think some good links to articles in the link section on hbh.

Answer 1 = Here on this site

Answer 2 = Different for different websites

Answer 3 = Yes there is you just have to find them

<!–Edit Damn Cheese, your quick :p–>

yes sql is very tricky to learn but u can google it to find some tutorial.