Monday, December 12, 2011

SQL Injection Tutorial

How SQL Works:
-Before you can perform an injection, you must first understand how SQL works.
-When you register a new username and password on a website, the username and
password you entered are stored in the site’s member table, each in its own
column.
-When you log in with the username and password you registered, the login page
looks for a row in the member table that has the same username and password that
you supplied.
-The login form takes the conditions that you supply and searches the member
table for any rows that satisfy those conditions; in SQL terms, your input becomes
the WHERE clause of a SELECT statement.
-If a row exists that has both the same username and password, then you are
logged in to that account.
-If no row is found, the login page tells you that the account you specified
does not exist, or that your username or password is wrong.
-SQL is also used to display information on a website.
-If a site has a news section, there may be an SQL table that, for example, holds
all of the article titles.
-More often than not, articles on a website are identified by a number.
-When you click on a link to an article, you can usually see the number of the
article you clicked on by looking at the URL of the page you are on.
*For the next three bullets, please refer to figure B below*
-When you click a link like www.site.com/news.asp?ArticleID=10, the link tells
the site to look in the table that stores the articles for the row whose
“ArticleID” is 10.
-Once the website has found this row in the table, it may look for a column
named “Title” in the same row and display that value as the article’s title on
your screen.
-In this case, “Cats” is what you would ultimately see on your screen as the title
of the article.
-It is important to realize that what is typed after the “=” sign in the URL is part
of an SQL command;
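The two lookups described above (the login check against the member table and the article lookup by ArticleID), written out as an added example that is not part of the original tutorial. It uses an in-memory SQLite database as a stand-in for the site's database; the table and column names (members/Username/Password, articles/ArticleID/Title), the sample rows and the sample inputs are all constructed here for illustration. Each lookup is shown twice: once built by string concatenation, so that the value from the form or URL literally becomes part of the SQL text, and once with bound parameters, where the value is only ever treated as data.

```python
import sqlite3

# Constructed sample data for this example (not from the original page).
MEMBERS = [("alice", "s3cret"), ("bob", "hunter2")]
ARTICLES = [(10, "Cats"), (11, "Dogs")]


def make_db():
    """Create an in-memory database with a member table and an article table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (Username TEXT, Password TEXT)")
    conn.executemany("INSERT INTO members VALUES (?, ?)", MEMBERS)
    conn.execute("CREATE TABLE articles (ArticleID INTEGER, Title TEXT)")
    conn.executemany("INSERT INTO articles VALUES (?, ?)", ARTICLES)
    return conn


def login_sql_concat(username, password):
    """Build the login query by pasting the form values into the SQL text.
    Returned as a string so the reader can see where the input lands."""
    return ("SELECT Username FROM members WHERE Username = '" + username
            + "' AND Password = '" + password + "'")


def login_concat(conn, username, password):
    """Login the way the tutorial describes, built by concatenation.
    Because the input is part of the statement, a value containing a quote
    can change the query's structure instead of just its data."""
    row = conn.execute(login_sql_concat(username, password)).fetchone()
    return row is not None


def login_param(conn, username, password):
    """Same lookup with bound parameters: the driver sends the values
    separately from the SQL, so they can never alter the WHERE clause."""
    sql = "SELECT Username FROM members WHERE Username = ? AND Password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row is not None


def article_sql_concat(article_id):
    """Build the article query the way news.asp?ArticleID=10 would if it
    pasted the URL value straight into the statement."""
    return "SELECT Title FROM articles WHERE ArticleID = " + article_id


def article_title_concat(conn, article_id):
    """Look up the title using the concatenated query above."""
    row = conn.execute(article_sql_concat(article_id)).fetchone()
    return row[0] if row else None


def article_title_param(conn, article_id):
    """Parameterised lookup. The URL value is validated as an integer first;
    anything that is not a plain number (e.g. '10 OR 1=1') is rejected."""
    try:
        number = int(article_id)
    except ValueError:
        return None
    sql = "SELECT Title FROM articles WHERE ArticleID = ?"
    row = conn.execute(sql, (number,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print(login_sql_concat("alice", "s3cret"))
    print("normal login (concat):", login_concat(db, "alice", "s3cret"))
    crafted = "' OR '1'='1"
    print(login_sql_concat(crafted, crafted))
    print("crafted login (concat):", login_concat(db, crafted, crafted))
    print("crafted login (param): ", login_param(db, crafted, crafted))
    print(article_sql_concat("10"), "->", article_title_concat(db, "10"))
    print(article_sql_concat("10 OR 1=1"), "->", article_title_param(db, "10 OR 1=1"))
```

Running the script prints the exact SQL text each input produces, which makes the tutorial's last point concrete: with concatenation, the text after ArticleID= (or the text typed into the login form) is spliced into the statement, so a quote or an OR in the input becomes part of the command; with bound parameters the same input is just a value that matches no row.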
