Some people just doesn't get along with bunnys and ducks. THE HUMANITY! T_T

Cool.

wait what? Brian cocknose?

very nice

msql_real_escapestring()

done

Hey Mickey ohhhhhhhh mickey your so find your so fine hey mickeyyyy..AAHAA

poor Mickey

doest work now a days on any website

@sbukhari7 It's a basic injection. To use it for any web site, you should learn sql and have any kinda brain.

the fucking site you have mentioned is not availible fucker

@sbukhari7 Of course it is not availible

1) He said it was a lab

2) That is an internal IP

Hello bugs

Alright so I hacked a website and edited some gallery pictures and some other stuff. (I am loged in as admin) But what if I want to edit the html scripts, I mean like edit the writings and homepage etc? Help anyone :)

@HaveAScream

i have admin logins of 3 webshops and one donation page. all i do with them - steal email lists, addresses, phones, and if possible CCs (i sell that all) . no one even notices that i do that before im gone.

Assholes like u just ruin the day for site owners deleting and modifying their data without any reason. neither u get a good neither some one else.

in my case i get good, but dont ruin the day for site administrators and owners.

@G09000000 Seems like I care? I find it amusing to ruin for people.

@HaveAScream

then show what u have did? i did this in last night. i do that to get CCs when possible.

festivaling(dot)co(dot)uk/help­.html

pscad.com/site_map/

can u do this on mac

None of these worked on any site I tried.

@xlaleclx SQL injection is a badly set up database, its not every site with a login field will be venerable in fact very few sites are and they are a lot more complex than this.

@xlaleclx This is the basic only, called blind attack, not effective. In fact SQL Injection is very popular and effective. Most experienced attackers would write their own scripts rather than using blind input like this demos showed.

Wow, I didn't know cartoons names were so big 2009. Hmph.

Bugs,Mickey,Donald?WTF?

LOL Bugs isn't party of the disney channel stars, silly.

thnx bro it really workdd :) : B)

Great explanation, I love the video.

Straightforward explanation, but way too simple, try posting something harder :)

imperva wow fail im - perva

Program to search for vulnerabilities in php scripts

You can download the program go to:

rapidshare. com/files/454622728/security.r­ar

depositfiles. com/files/946egeo54

Note:

In reference to remove blank!

The file can swear antivirus!

Программа для Защиты сайта от sql injection

Скачать программу можно по ссылке:

depositfiles. com/ru/files/0ewy3n95p

Примечание:

В ссылке убрать пробел!

На файл может ругаться антивирус!

mickey mouse,donald duck,buggs bunny, damn ...

emad-iraq.co.cc

All your doing is creating noobs that will never learn SQL and PHP, that are just going to copy the commands you input. Great job of explaining any evidence of an injectable site.

excellent explanation! thank you

The Newest Black Hat Hacking Forum, has just been put online, We are looking for 2 Admins, and 6 Mods! 0day exploits, and FUD tools! ThinkFastForum . com

please bro reply

how can have like this website so i could try some injection on it please !

c'est DONOVAN in your pictures  did this work in the internet merci

lol worked with this forum

ht t p : / / mu - platinum . forumr . net

Injection Tool by Pr0xY

With this tool you can exploited SQL injections without any knowledge, All that you need to find is site with SQL injection and what remains is to choose one of the options tool and that done.

I think you had to explain what "firstname" is, because lots of people here don't know SQL. And not every database has it named "firstname" so it might not work. For example, when I create my database, instead of firstname I put "numele", in my own language...

I have tried many attacks on my own website using the sql injection command provided by you but none is working. How can i know that website is vulnerable to sql injection or not?? your help is very much appreciated or maybe you can make video how to check if the website vulnerable or not

@ayotollah If you are doing blind attack like this (which is slow and lame), put a ' in front of every domain or sub domain to test. If the site shows blank or come out differently then you know it possibly vulnerable.

@ayotollah Remember, anywhere on the target that has typing text section (search field, login...) can use to input your codes. Just be creative.

can you give me the source for that website

you explain well. Better than other sqli tuts.

This isnt fake. this actually works but it is kinda uncommon to find a site vulnerable to this. And to answer hacksesssful i think it is an ip is because i think he is running this in a xamp server(in this case i think wamp, cause hes on windows).

Obviously this won't work on a lot of websites, since most well-known sites are aware of this and will add code to their logins to avoid this type of attack.

@wheresmyarm it works on the united nations chinese website

@wheresmyarm I know this is old but do you mean like SONY? which had its databases compromised yet again by Lulz Security

i tired it they didnt work =(

ok but is the password random?

Wow... they still make superveda??

If you want the same type thing go for webgoat, its free and updated on a regular basis with new vulns.