i hope this fits here

[banon]

you know when a site is open for sql injections it will give you like an ivalid query message when you test it?

is it possible that the site does that and still has security past that? i know a place that i found is open for sql injections, but i can not seem to form a sql injection that works!

i have even looked through the source code of the open(for attack that is) software!

[Rijnzael]

Indeed. The site may very well see that your queries are invalid and not actually pass the query to the SQL server. Or, if it does, it may not have the functionality to give you the results because you caused an error.

[banon]

but it reports my incorrect query, so if it see's that i am trying to abuse it (and stops the attack) and it still reports the error then that is... genius

or i could just suck at sql, and it could be a genuine error.

i hope it is the latter, because i need some sql practice, it is definitly my weakest point. other than server side (telnet/ssh) hacking. do you know anybody/anywhere i can learn some more about sql exploits? and i am not talking basics, i am talking real world shit.


btw: this situation is purely theoretical of course