Help with SQL Injetion Attack

Hi I'm helping a friend secure his site:

Read the fucking rules. - Zeph

on the search for a carpool page if you enter: ' or 1=1– into both fields every entry shows up. I'm not sure if this means it is vulnerable or not. What types of attacks could be harmful and how much damage could they cause.

Thanks

search for "sql injection attacks" in google n u will get what u want :)

already did. a lot of that wasn't working for me.

here check this out put this in the url

http://127.0.0.1/

thats gonna tell you all you need to know about sql injection attacks:ninja::D dude

350z wrote: already did. a lot of that wasn't working for me.

well check articles here, and if that won't work for you either, there's no hope left :)

btw not the most wise thing to post url on a server that runs brutally out dated services :)

I've looked through most articles on here and on google. I'll try some of the different stuff they say, but I'm not getting any further than making all the entries show up.

How can you tell what software the server is running and what exploits could be done through that.

oh and btw he says if someone from this site hacks his site they get $10 and another $20 if they tell him how.

have him email me a contract with proof he own it and ill root it for him and explain step by step how i did it for 4 the 20 and i want it to be donated to hbh.org:ninja:

Check out System Meltdown's podcast. Google will help you with that…. and demonoid.

Bl4ckC4t

Great… another "hey, my friend has this site and will pay whoever to show me how to hack it" thread. If you want to learn how to exploit a site, read up on the topic and ask specific questions. Don't offer money for people to spoonfeed your ass because we know you're bullshitting on the money promise. Everyone does.

Lock.