[SQL] SQL Injection – True/False Method - 22 March 2012 - Blog - | LINUX - SECURITY |
Saturday, 2016-12-03, 6:32 PM
Welcome Guest | RSS
Statistics

Total online: 1
Guests: 1
Users: 0
Site menu
Our Documentations
1* METASPLOIT
Blog Category
# Only for beginners [39]
This category contains some introductions and tutorials about UBUNTU and BACKTRACK for those who just start using LINUX.
# Computer Security [11]
In this category, you will find all courses about the Informatique Security
# LINUX [2]
EVERYTHING ABOUT LINUX - UBUNTU & BACKTRACK - (NEWS, VIDEOS, TUTORIALS, ... )
# BackTrack 5 Tutorials [6]
In this categorie, I will post all tutorials about BackTrack5 (Installation, Configuration, Update, Hacking...)
# TechnicDynamic Tutorials [12]
Technic Dynamic is a source of education focused in the following categories of technology: (Computer - Design - Gadgets - Networking - Security) Link : http://technicdynamic.com
# Vishnuvalentino Tutorials [2]
He is a computer security specialist, and also freelance website designer. Read more : http://vishnuvalentino.com/about/
# Hackers News [6]
All news about the hackers of the world ...
# Tools [18]
All Security Tools
MEMES PICTURES [0]
Entries archive
Shopping


Follow us
facebook
Main » 2012 » March » 22 » [SQL] SQL Injection – True/False Method
10:17 PM
[SQL] SQL Injection – True/False Method

Hey guys!

This time we will be taking a look at the true & false SQL injection method.

Although most programmers have already noticed this flaw and taken the right countermeasures to prevent it, due to the large amount of websites going up everyday, there are still many vulnerable pages.

This method is simple overall, however some knowledge of programming and SQL will be handy.

Basically, we want to locate a dynamic field on the website and make it return to either true or false. So if we insert a SQL statement asking the database to return a specific amount of tables and it returns false, we know the database has less tables than what we suggested.

That is the main logic behind the method!

The easiest way to identify if the return was true or false is, mostly, simple. Wherever should the dynamic content be on the website, will be missing (either blank, or upon viewing the source code of the page, one should see: "You have an error…”).

Check out the video:




Source : http://technicdynamic.com/2012/02/sql-injection-truefalse-method/
Category: # TechnicDynamic Tutorials | Views: 423 | Added by: Administrator | Tags: sql, Injection | Rating: 0.0/0
Total comments: 0
Name *:
Email *:
Code *:
Visitors

Share This On:
Google Translator
Search
Login form
Our poll
Rate my site
Total of answers: 17
Clock & Calendar

«  March 2012  »
SuMoTuWeThFrSa
    123
45678910
11121314151617
18192021222324
25262728293031