How Hacking Works: SQL Injection Explained by 7Safe



One of the 7Safe experts explains in simple terms what the SQL Injection vulnerability is, and how real threats result from this typical exploitation. If you want to …

source

We're happy to share this resource that we found. The content displayed on this page is property of its original author and/or their organization.

40 Replies to “How Hacking Works: SQL Injection Explained by 7Safe”

  1. Okay, nice video, but when you type test' or 1=1-- then by the logic the SQL command must produce an error, because the command would be like this:
    WHERE username= 'test' ' or 1=1--

    Please correct me if I am wrong! 🙂 Thanks

  2. My login.php file is below. How can I use SQL injection in it?
    ----------------------------------------------------------------
    <?php
    function login_pager($app) {
        $redirectTo = input("redirect_to", '');
        $redirectTo = (empty($redirectTo)) ? url_to_pager("feed") : $redirectTo;

        /**private job
        $scanPath = path("storage/uploads/");
        $handle = opendir($scanPath);
        //get all users
        $query = db()->query("SELECT * FROM users");
        $user = db()->query("SELECT * FROM users");
        $activeUsers = array();
        while($fetch = $query->fetch_assoc()) {
            $activeUsers[] = $fetch['id'];
        }

        while($read = readdir($handle)) {
            if ($read != "." and is_numeric($read) and !in_array($read, $activeUsers)) {
                $pathToDelete = $scanPath.$read."/";
                delete_file($pathToDelete);
            }
        }**/
        //end of private job
        if (is_loggedIn()) {
            return go_to_user_home();
        }
        // "val" is the submitted login form array (username, password, remember)
        $val = input("val");
        $message = null;
        $app->setTitle(lang('login'));
        if ($val) {
            CSRFProtection::validate();
            /**
             * @var $username
             * @var $password
             */
            // extract() turns every key of the submitted array into a local variable
            extract($val);
            if ($username and $password) {
                // login_user() and find_user() are not shown here; whatever query
                // is built from $username is built inside those helpers
                $login = login_user($username, $password, input("val.remember"));

                if ($login) {

                    return go_to_user_home($redirectTo, find_user($username));
                }
            }
            $message = lang('login-error');
        }
        return $app->render(view('login/content', array('message' => $message)));
    }

    function forgot_password_pager($app) {
        $app->setTitle(lang('reset-password'));
        //$app->setLayout("layouts/blank");

        $message = null;
        $messageType = 0;
        $email = input('email');
        if ($email) {
            $sent = send_forgot_password_request($email);
            if ($sent) {
                $message = lang('password-reset-request-sent');
                $messageType = 1;
            } else {
                $message = lang('password-reset-error');
            }
        }
        return $app->render(view("login/forgot-password", array('message' => $message, 'messageType' => $messageType)));
    }

    function reset_password_pager($app)
    {
        $app->setTitle(lang('reset-password'));
        //$app->setLayout("layouts/blank");

        $message = null;
        // the reset code arrives in the URL and is checked before anything else
        $hash = input('code');
        $verifyHash = mail_hash_valid($hash);
        if (!$verifyHash) {
            return $app->render(view("login/reset-password-invalid"));
        }
        $val = input('val');
        if ($val) {
            CSRFProtection::validate();
            /**
             * @var $password
             * @var $confirm_password
             */
            extract($val);
            if (!$password or !$confirm_password or ($password != $confirm_password)) {
                $message = lang('password-match-error');
            } else {
                $user = find_user($verifyHash);
                $newPassword = hash_make($password);
                update_user(array('password' => $newPassword), $user['id']);
                delete_mail_hash($hash);
                $login = login_user($user['username'], $password, 0);
                if ($login) return go_to_user_home();
            }
        }

        return $app->render(view("login/reset-password", array('message' => $message)));
    }
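The two comments above ask the same question from different ends: what a login query looks like once test' or 1=1-- has been pasted into it, and where in a login.php like the one posted the injection would actually land. The following is an added example, not code from the video or from the poster's application. It simulates, in Python with SQLite, a login_user() that concatenates its arguments into SQL (an assumption: the posted code never shows how login_user() or find_user() build their queries) next to a parameterised one. The users table, the account names and the passwords are constructed for the demo and are stored in clear only to keep the query short; the posted code hashes passwords with hash_make(), and real code compares hashes.

```python
import sqlite3

# Constructed demo accounts, not from the page. Passwords are kept in clear
# only so the query stays short; the posted login.php hashes them with
# hash_make(), and real code should compare hashes instead.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """In-memory SQLite database standing in for the application's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
                 "username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def build_query_unsafe(username, password):
    """What a login_user() written with string concatenation would send (assumed)."""
    return ("SELECT id FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")


def login_unsafe(conn, username, password):
    """Run the concatenated query.

    Returns True/False for the login result, or None when the SQL did not
    parse at all (the case the first commenter describes: a dangling quote).
    """
    try:
        rows = conn.execute(build_query_unsafe(username, password)).fetchall()
    except sqlite3.OperationalError:
        return None
    return len(rows) > 0


def login_safe(conn, username, password):
    """Parameterised version: the quote and the comment marker stay data."""
    rows = conn.execute(
        "SELECT id FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchall()
    return len(rows) > 0


if __name__ == "__main__":
    conn = make_db()
    for name in ("alice", "test' or 1=1--", "test' or 1=1"):
        print(repr(name), "->", build_query_unsafe(name, "wrong"))
        print("   concatenated:", login_unsafe(conn, name, "wrong"),
              "  parameterised:", login_safe(conn, name, "wrong"))
```

With test' or 1=1-- the -- turns the rest of the line, including the quote that closes the username and the whole password check, into a comment, so the parser sees WHERE username = 'test' or 1=1 and returns every row. Without the -- the leftover quote is a syntax error, which is the outcome the first comment expects. The parameterised query sends the same characters as a value and the lookup simply fails.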

  3. Can someone help me fix my URL injection? What have I been missing? Here's my injection, by the way. Thanks in advance.
    localhost/test1/home.php?author=1';UPDATE test_tb SET test_level=2 WHERE test_id=1
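The payload in the comment above chains a second statement after the first with a semicolon. Whether that changes anything depends on two things the comment does not show: whether the rest of home.php's own query is closed off after the injected text, and whether the database driver executes more than one statement per call (PHP's mysqli::query runs a single statement, mysqli::multi_query runs all of them). The following added example, not the poster's code, models both in Python with SQLite, assuming home.php builds ... WHERE author = '<input>' by concatenation; the test_tb table and its single row are constructed for the demo. execute() refuses stacked statements like a single-statement driver, executescript() runs them like a multi-statement one.

```python
import sqlite3

# Constructed demo table standing in for the poster's test_tb; the row starts
# at test_level 0 so a successful UPDATE is visible.
def make_test_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE test_tb (test_id INTEGER PRIMARY KEY, "
                 "author TEXT, test_level INTEGER)")
    conn.execute("INSERT INTO test_tb VALUES (1, '1', 0)")
    conn.commit()
    return conn


def current_level(conn):
    """The value the injected UPDATE is trying to change."""
    return conn.execute(
        "SELECT test_level FROM test_tb WHERE test_id = 1").fetchone()[0]


def lookup_unsafe(conn, author, multi_statement=False):
    """home.php as assumed here: the ?author= value is pasted into the query.

    Returns "ran" if the SQL executed, "stacked-rejected" if the driver refused
    a second statement, "syntax-error" if the SQL did not parse.
    """
    sql = "SELECT test_id, test_level FROM test_tb WHERE author = '" + author + "'"
    try:
        if multi_statement:
            # Like mysqli::multi_query: every statement in the string runs.
            conn.executescript(sql)
        else:
            # Like mysqli::query: exactly one statement per call.
            conn.execute(sql)
    except (sqlite3.ProgrammingError, sqlite3.Warning):
        # Python's sqlite3 raises this for "more than one statement"
        # (sqlite3.Warning on older versions, ProgrammingError on newer).
        return "stacked-rejected"
    except sqlite3.OperationalError:
        return "syntax-error"
    return "ran"


def lookup_safe(conn, author):
    """The fix: the author value is bound as a parameter and never parsed as SQL."""
    return conn.execute(
        "SELECT test_id, test_level FROM test_tb WHERE author = ?",
        (author,)).fetchall()


if __name__ == "__main__":
    conn = make_test_db()
    payload = "1';UPDATE test_tb SET test_level=2 WHERE test_id=1"
    print(lookup_unsafe(conn, payload), current_level(conn))
    print(lookup_unsafe(conn, payload, multi_statement=True), current_level(conn))
    print(lookup_unsafe(conn, payload + "--", multi_statement=True), current_level(conn))
    print(lookup_safe(conn, payload + "--"), current_level(conn))
```

Against a single-statement call the payload is rejected outright. Against a multi-statement call it still fails, because the application's own closing quote is left dangling after test_id=1 and the UPDATE does not parse; only once that trailing quote is commented out does the second statement run and test_level change. The parameterised lookup returns no rows for any of these inputs and never touches the UPDATE.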
