Added: 4 years ago
From: Gregorpm
Views: 100,212

All Comments (103)

  • you need to explain why blah? why not halb? or what ever?

  • @adofri It's just random stuff that the server doesn't expect to have to return. It either is not there or it's an invalid request. ex:

    int(blah)

  • download havij 1.4.0 version for password sql injection index.php and index.asp

  • there are a lot of these type tutorials on kobusvdwalt.blogspot.com

  • I have a tutorial on hacking here watch it it'll blow your mind

  • Very interesting! I'll be sure to try a number of these out sometime.

  • Use havij. It's easier

  • mysql_real_escape_string();

    problem solved.

  • big fat guy dont know anything he is just secretly hearing what they talking about and learn from them

  • can i hang out with you guys

  • dun trust this video. try my site:  vnphoto.net

  • Most of this stuff doesn't work anymore.... :-(

  • @Spicniggereater Dude SHUT THE FUCK UP ALREADY Fucking Cock Sucker! don't run your mouth about something in which you have no understanding

  • hi sir i want to know more about sql injection ... I tried it but did not have much success with it.

  • Program to search for vulnerabilities in php scripts

    You can download the program go to:

    rapidshare. com/files/454622728/security.rar

    depositfiles. com/files/946egeo54

    Note:

    In reference to remove blank!

    The file can swear antivirus!

  • fooling

  • this stuff is indeed common knowledge to developers... but wordpress is actually being used by a lot of people that just copy+paste stuff from the internet and throw a forum for their gameclan together and put it online.

    and i actually know there are people that do not understand much about sql but if they would they would happily crash other peoples party by ruining a forum or website.

  • Comment removed

  • Comment removed

  • Comment removed

  • Comment removed

  • @MegaSHamed: Hello, I hope you realized that this video was split into two parts. Also, this video was meant to be educational; therefore, I started it by explaining the basics of SQL injection and why it works. After the viewer understands the concept of the attack, I gave an example of how it can be used to extract information from a website. When I made this video I had already fixed the flaw on my actual website, so I hosted an un-patched version of my site on my local machine.

  • @Gregorpm i took my words back, great job guys.

  • @MegaSHamed make a better one...

  • Comment removed

  • You have to be kidding me? An admin with a little bit of knowledge will make sure all the passwords are stored on an external localhost machine with md5 hashes. Your site is a joke

  • @RSaddon: An external localhost machine? I'm assuming you meant a remote host. Well I'm happy to inform you that members of my site have their passwords stored as salted MD5 Hashes on a remote MySql server. The website shown in this video was a clone of my real site with fake hashes. This way actual members don't have their hashes exposed.

  • @RSaddon 1) you know nothing 2) unsalted md5 hashes are fairly weak pieces of shit if your users do not choose strong passwords.

  • Finally a good tutorial on SQL injections thanks nice video

  • @vertizontal0071

    of course all famous sites protect their scripts for example with

    mysql_real_escape_string.

  • Go Linux!

    Microfrost is crap!

  • ok, the best thing about windows is when you uninstall it

  • windows XP lol

  • @K2ACP Best windows so?

  • @plokooni but it's windows -_- and i thought ME & 98 were the best

  • @K2ACP 98 isnt stable enough

    linux ftw :p

  • @plokooni agreed. i use openSUSE (mac's are prettty good too!)

  • Yea i prefer gentoo :)

  • guys are you great, but i have question for you what if web sites no have user, already member e.g. 436.html.

    What now?

  • then you have to find a different exploit because clearly that one doesn't work. I'm not sure that a .html ending even uses php at all so you're screwed through that attack.

  • It's rare to find any vulnerable websites with this, stripslashes is basic knowledge with php.

  • by the way what's the title of the song?

  • Jambi - Tool

  • you guys are great!! can i be a part of your team? just hoping.,

  • I honestly hate people like you. Why say "I already knew most of the stuff"...No you didn't. You're just a dickfuck that doesn't know shit. There is nothing wrong with LEARNING.

  • @DangerD205 I think you're being a bit harsh, a lot of this stuff is common knowledge for a lot of web developers.

    Although I do agree, there's nothing wrong with admitting that you learnt something.

  • Just i have a dream that as a programmer will be a good hacker. just curious. Can i help some one

  • no use hex. it will accept it without /'s. look it up: hex converter.

  • how did you guys all meet, and when did you guys start hacking? just curious, seems like you guys know your stuff.

  • anyone know any websites that are vulnerable?

  • part of hacking and cracking is finding the things out for yourself.

  • just asking for some friendly help

  • No prob, but usually after someone finds a site that is vulnerable and hacks it, it is quickly brought to the attention of the website staff and admin.

    you could always google search Login Page. and try inputting these strings over and over and over into all the different login pages.

  • yes i have but like you said they're either already hacked and messed up or most have been made sql proof

  • @elobire Book: "Exploiting Software - How to Break Code". Get a good book on SQL, learn by doing--read, research, practice.

  • i'm never gonna understand that. too complicated

  • louder/better audio please

  • Comment removed

  • great video!great opening music![tool]!give us more...and maybe some php?;)

  • hmm on what websites does it work? couldn't get this or XSS to work...any help? :)

  • what computers are those? What others are able to run bt3 without any problem. Thinking of buying a laptop for bt3 and ubuntu?

  • Why is the big dude always staring at his computer screen with his head down in some of the episodes of infinity exits?

    Just, like to... Ocupate the free space in the camera?

    Anyways, Nice vid

  • Not many sites work with SQL now they all stopped it.

  • Pokemon4949: Are you dumb? MANY MANY sites are vulnerable. Most sites, actually. Don't say anything when you've no idea..

  • Ermm It Doesn't work For All The Websites!

    Eg gang bliss,bebo,gangster pardise

  • Tool :)

  • Stick to picking locks. One day, if you're lucky, you'll get caught by the cops and be accessorized with silver bracelets and contusions (bruises) as you're hauled away to the gray-bar hotel. While rotting there, you can take a course on computers and learn how to hack.

  • Jambi! haha love that song

  • Make your SQL Query in (int), this will protect you from this ;)

  • Tool!!! xD

  • Excellent guys v.good job!!

  • netoveride are you new? more like 9 times out of 10 when an exploit is found and published it's based upon a weakness in code that could be attacked via sql injection. Someone needs to take a look at packetstorm sometime or milw0rm there isn't a day in the week when you can't find a newly published sql attack.

  • Don't even answer the past comment dumb question

  • Could you post a .asp website hack?

  • 9 out of 10 websites with an sql database have been protected, try typing in admin/login.asp "all those have sql or asp" and see how many you can hack

  • but...wait before I say that...At the bottom (FerryWell) Why the heck would I need a 3 or 4 hundred dollar AirPcap Driver for webserver hacking. I don't (It is good for wireless hacking). What I was going to say is that even though this sql isn't as common, blind sql via manual input or sql brute force is still pretty common. If you use 1=1 and get a blank page it was successful, error means not successful. It is a yes/no game with the website. It is also the hardest type of attack

  • wow, Nice vid guys, learned a lot =P

    u seem to be pro hackers as well =)

  • nice vid guys.

  • There are almost no SQL based servers who are still vulnerable for this sort of scripting...

    Even not IE's forum ;)

  • the SQL server ain't the bit that's vulnerable you noob! SQL servers get commands from SQL strings

    if the SQL string is SELECT * FROM USERS WHERE ID=1 and i add OR 1=1 to the end the full code would be SELECT * FROM USERS WHERE ID=1 OR 1=1 pointless example but that's the idea

  • DUH! but people made it impossible to put in strings like that through an external address since this got public...

    When you try the 1 equals 1 trick it will just say user not found OR giving an empty user page...

    And by server i meant device hosting SQL language based scripts such as forums...

  • it's got nothing to do with the server. like he says in the video the stripslashes function. it's all coded nothing to do with the server. the server just responds to the commands u give it
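
The exchange above (a query string such as `SELECT * FROM USERS WHERE ID=1` with `OR 1=1` appended, plus the `(int)` and escaping suggestions made earlier in the thread) can be checked in a few lines. This is an added example, not code from the video or from any commenter; it uses Python's `sqlite3` with a constructed `users` table, and `escape_quotes` is a hypothetical stand-in for a quote-escaping function, not the MySQL routine.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the USERS table in the comment.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "carol")])
    return db

def escape_quotes(value):
    # Hypothetical stand-in for a quote-escaping function: it only
    # neutralises quote characters and leaves everything else alone.
    return value.replace("'", "''")

def lookup_concat(db, user_id):
    # Weak: the input becomes part of the SQL text. Escaping quotes does not
    # help here because the value sits in an unquoted numeric position.
    sql = "SELECT name FROM users WHERE id=" + escape_quotes(user_id)
    return [row[0] for row in db.execute(sql)]

def lookup_int(db, user_id):
    # The "(int)" advice: anything that is not a plain integer is rejected
    # before a query is built.
    try:
        uid = int(user_id)
    except ValueError:
        return []
    sql = "SELECT name FROM users WHERE id=%d" % uid
    return [row[0] for row in db.execute(sql)]

def lookup_param(db, user_id):
    # Bound parameter: the input is handed to the engine as data and is
    # never parsed as SQL.
    sql = "SELECT name FROM users WHERE id=?"
    return [row[0] for row in db.execute(sql, (user_id,))]

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 OR 1=1"):
        print(repr(value), lookup_concat(db, value),
              lookup_int(db, value), lookup_param(db, value))
```

Quote escaping leaves `1 OR 1=1` unchanged because it contains no quotes, so only the integer check and the bound parameter return an empty result for it.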

  • can anyone tell me a good password sniffer for a remote FTP server login?

    do any of you know of any SQL vulnerable sites???

  • Anything that has SQL on it ;)

  • try dsniff for sniffing passwords. It assumes you have access to the LAN (wireless is great!) and that you have suitable drivers and card on your attack device. I use a Sharp Zaurus running Debian pocketworkstation. It works a treat for FTP, email etc.

    go to google and search for

    inurl:asp inur;productid=

    lots of sites are vulnerable to SQL injection, I've hacked 3 this week but I'm a 'white hat' so I can't tell you the URLs

  • Yeah that's like a cain & abel idea... like the AirPcap :P i love the device... :) still need to order one but seen what it can do :D ^^

    If you are really going to try this stuff just buy some good gear like a AirPcap Card ;) ( or USB ).

  • sweet that was good clip

  • AWESOME SONG!! haven't heard it in a while, guess where i found this video... ON CBS!!! they were talking about the huge hack on JCX which is JCPennys headquarters i guess.. they were sayin, " it can even be found on youtube " like a 5 sec clip of you!! lol id be psyched if i were u lol ahah awesome keep up the good work this S@#% rocks!!

  • Thanks

    the song is Tool - Jambi

  • Nice Vid guys

    keep up the good work.

    ps: wats the name of the song?
