
SQL injection
#1
Who can give instructions or recommendations on SQL injection?
#2
ghost Wrote:
alexeyi21 Wrote: Who can give instructions or recommendations on SQL injection?

Start with installing Linux which has sqlmap.
 already installed
#3
Do you know SQL? If you don't, then that is your first step.
Second would be to implement a simple database connection in a language of your choice.
You will understand how SQL injections work and happen that way.

You likely have defaulted to string concatenation for your SQL strings;
that is, however, what causes SQL injections. You should always use prepared statements
instead and use the database driver's functionality to supply arguments.

There still might be problems with the input, so you also have to do sanity checks on the data
provided. Usually this can be done in the database directly using PL/SQL, but using client-side
checks is more common now. Client side means client to the database and is usually still on the server;
a customer or anything should never run software that has direct database access ofc.
#4
This maybe could help you out: anonfiles.com/q9Sb4aebba/SQL_Injection_Tutorial.pdf
#5
If you're learning, take a look at Hack The Box and search for SQL Injection machines
 aha@lake.money
TOX: E9D179114E95EC8FA4F5E35AFA3730C02A820E6AC390EB256B43117E507BB62BAC5A381CBBF4