Hacking With SQL Injection Attacks (and Where to Practice Them Safely)

100 thoughts on “Hacking With SQL Injection Attacks (and Where to Practice Them Safely)”

  1. So would it be illegal to do this with your own account (say with Gmail) to see if Google (again, for example) is vulnerable? Or is any attempt without permission illegal, period?

  2. Actually, if you don't know a username, after the " ' " you can type "1=1", which in SQL works like a boolean in Java. The system is like, hey, there's a username, for example "admin", is that true or false, and the 1=1 makes it true, and then you can exploit and hack the way through the system.

  3. So wait, all I do is ('--) and it will work on anything? As in I don't need a tool in order to do it?

  4. Why the hell wasn't I taught this in college yet in my IT security program?! This seems like something that should have been addressed back in Firewall ASA or Cisco 2.

  5. Or u can download sqldroid for Android and find some vulnerable site, take a screenshot, upload it to fb, ur hacker now.

  6. Sites that have SQL injection attacks nowadays are written by hacks. MySQL, SQLite and pretty much all open source languages have query preparation, and SQL Server has a native SQLCommand interface which differentiates commands from data.
    Idiots who write software now that's open to injection attacks don't use those features and shouldn't be programming anything.

  7. Alright, so I'm still confused a little. So if anyone can help, that would be nice. So say I went to sign into a Spotify account (and remember this is hypothetical), as long as I knew the username and put '-- that's all I would need to get into the account?

  8. tnx, now imma pair this with your deep web tutorial and go hack some stuff…

    (not really, plz don't send me to jail)

  9. Would it be illegal if you check your own account on a website? Or get written permission from someone to check their account?

  10. I really wish I could go back to Windows 3.0 and impress my friends with this stuff, because it is such basic knowledge now but it was impossible back then.

  11. "SQL injections are the most common type of hack…". This is not true, not even close. XSS and CSRF blow it out of the water.

  12. Facebook doesn't actually check the password with what he did on the test site. It only checks for the spelling of the name. Which tells us that they haven't fixed it, rather they bypassed one of the ways of doing it and left it aside.

  13. Whelp… That was equal measures fascinating and terrifying. I suppose all that can really be said is that if you want to avoid getting hacked, you have to take precautions before the scenario presents itself. Just like getting a vaccine, it takes time and hurts for a bit, but it could save your bacon down the road.

  14. Lookin to get in trouble? He's talking googling php?id=1, but if u didn't know that, good luck using Windows to exploit nething.

  15. I bet scam stuff is vulnerable, because just because you learned this I bet you're too lazy to actually take action lol. I am too, so don't worry.

  16. I forgot my password for something so I tried this but it didn't work, then I tried it at other sites and that also didn't work, do I do something wrong or something?

  17. I've created a web application educational game, where you can practice injection attacks like in real life. Please feel free to try it anytime and leave feedback at the end, https://injection.pythonanywhere.com/

  18. Wait, can I legally attempt to access one of my accounts on websites not belonging to me like this to check if they're secure?

  19. It's not a felony to write a string in a field. It only becomes a felony when you do something with that data.

  20. If you use Java, you need like 2 extra lines of code to make any query secure, probably less per query if you structure your code correctly. It is super easy, but some people just don't do it. Not saying that I am a security expert, but this attack is really easy to defend against.

  21. I only do SQL Injection Attacks to get paid by companies to show their vulnerabilities to strengthen their infrastructure

  22. If you set up your own web site to attack yourself for educational purposes, or set up a web server on your own machine, I don't believe there's anything legally wrong with it. It's like breaking into your own house to test the strength of your locks.

  23. Can't really happen anymore unless the people who built the site are using older techniques to call the database. There's definitely libraries that give other techniques that remedy this… but cool vid.

  24. Yeah, but that was an HTTP server; anything with HTTPS would be scrambled. You can just do simple web sniffing to get usernames and passwords on HTTP sites.

  25. I'm doing a Website Development course (which includes database languages) and one of the first things I learnt was how to stop SQL injections.

  26. So hyped…

  27. I am NOT intelligent enough to understand this at all. It's kinda depressing when you realize you’re stupid.
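
What comments 6 and 20 describe, as an added example (not code from the video or from any commenter): the same login lookup written with string concatenation and with a parameterized query, using Python's `sqlite3` module. The table, the sample account and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database holding one constructed sample account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    # Plaintext only to keep the demo short; real systems store a password hash.
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-sample')")
    return db

def login_concatenated(db, name, password):
    """Vulnerable form: input is pasted into the SQL text and can change the query."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, name, password):
    """Hardened form: the SQL text is fixed; values are bound separately as data."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None

def compare(name, password):
    """Run both forms on the same input; 'error' marks a query the input broke."""
    results = []
    for login in (login_concatenated, login_parameterized):
        db = make_db()
        try:
            results.append(login(db, name, password))
        except sqlite3.Error:
            results.append("error")
        finally:
            db.close()
    return tuple(results)

if __name__ == "__main__":
    samples = [
        ("admin", "s3cret-sample"),  # correct credentials
        ("admin", "wrong"),          # wrong password
        ("' OR 1=1 --", "x"),        # the 1=1 tautology from comment 2
        ("O'Brien", "x"),            # ordinary name containing an apostrophe
    ]
    for name, password in samples:
        print(repr(name), compare(name, password))
```

The bound version treats the quote as part of the value in every case, which also stops a harmless name such as O'Brien from breaking the query.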
