Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Basic 16

  1. Home
  2. Forum
  3. Basic
  4. Basic 16

ghost's Avatar

ghost

0 0

Okay I already beat this lvl…easy…BUT my question is how do I know that its sql vulnerable except being told, in fact how do I know it's PHP in the first place? It make it easier to find vulnerabilities if I could limit them down a little….


stealth-'s Avatar

stealth-

Ninja Extreme
0 0

Well, files ending in ".php" are always php files, and sometimes other extensions aswell. There is no real way to "check", other than trying it for yourself. There are some applications out there that automate the Injection process, but whether or not you use those depends on your stance of applications like that. SQLMap and Nikto are tools commonly used to search for injections of all sorts.

SQL injection isn't just limited to PHP files, by the way. Anything that queries a database has a chance of being injected.


stealth-'s Avatar

stealth-

Ninja Extreme
0 0

MoshBat wrote: (Is it just me, or has it suddenly gotten really active? I mean active for this place…)

Yeah, it's picked up quite a bit lately. Also, I beat you to this one, too ;)