SQL Injection Wargame
Results 1 to 4 of 4

Thread: SQL Injection Wargame

  1. #1
    Junior Member
    Join Date
    Apr 2008
    Posts
    2

    Thumbs up SQL Injection Wargame

    Exploiting an SQL Inject attack involves solving a puzzle that is a cross between Hangman and 20 Questions. It needs a little understanding of SQL and a great deal of cunning.

    Try your Hacking skills against this test system. It takes you through the exploit step-by-step.

    The SQL Injection attack allows external users to read details from the database. In a well designed system this will only include data that is available to the public anyway. In a poorly designed system this may allow external users to discover other users' passwords.

    Want to know what the hacker do?
    See this video http://w13.easy-share.com/1699826799.html

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hello ekosch,

    Welcome to AO

    I have amended the title of your post so that it will get a better audience
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    Junior Member
    Join Date
    Apr 2008
    Posts
    2

    Lightbulb Hacking Website

    Exploiting an SQL Inject attack involves solving a puzzle that is a cross between Hangman and 20 Questions. It needs a little understanding of SQL and a great deal of cunning.

    Try your Hacking skills against this test system. It takes you through the exploit step-by-step.

    The SQL Injection attack allows external users to read details from the database. In a well designed system this will only include data that is available to the public anyway. In a poorly designed system this may allow external users to discover other users' passwords.

    Try these steps:
    To gain access and find a user name. Enter the string 'OR''=' as both user name and password in the frame on the right. This should get you logged in as a user (jake happens to be the first user in the table). This tells you that Jake is a user and it allows you to access his account - but it does not tell you his password.

    Find out if Jake's password includes the letter "w". Enter xxx as user name and enter the following string as the password: ' OR EXISTS(SELECT * FROM users WHERE name='jake' AND password LIKE '%w%') AND ''='

    Find out if Jake's password has "w" as the third letter. Enter xxx as user name and enter the following string as the password: ' OR EXISTS(SELECT * FROM users WHERE name='jake' AND password LIKE '__w%') AND ''='

    See the video how is work http://w13.easy-share.com/1699826799.html

  4. #4
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    I moved this last post here, too - it was in Tutorial Submissions, where it doesn't belong.

Similar Threads

  1. Shoestring SQL Injection Prevention
    By catch in forum The Security Tutorials Forum
    Replies: 27
    Last Post: August 9th, 2006, 08:01 AM
  2. SQL Tutorial Basics
    By mikester2 in forum Other Tutorials Forum
    Replies: 5
    Last Post: January 31st, 2005, 12:16 PM
  3. Heads Up - Cumulative Patch for Microsoft SQL Server (815495)
    By CXGJarrod in forum Microsoft Security Discussions
    Replies: 0
    Last Post: July 23rd, 2003, 10:00 PM
  4. SQL Injection
    By sambeckett in forum AntiOnline's General Chit Chat
    Replies: 1
    Last Post: February 13th, 2003, 07:53 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides