Technic Dynamic is a source of education focused in the following categories of technology: (Computer - Design - Gadgets - Networking - Security) Link : http://technicdynamic.com
Main » 2012 » March » 22 » [SQL] SQL Injection – True/False Method
10:17 PM
[SQL] SQL Injection – True/False Method
Hey guys!
This time we will be taking a look at the true & false SQL injection method.
Although most programmers have already noticed this flaw and taken
the right countermeasures to prevent it, due to the large amount of
websites going up everyday, there are still many vulnerable pages.
This method is simple overall, however some knowledge of programming and SQL will be handy.
Basically, we want to locate a dynamic field on the website and make
it return to either true or false. So if we insert a SQL statement
asking the database to return a specific amount of tables and it returns
false, we know the database has less tables than what we suggested.
That is the main logic behind the method!
The easiest way to identify if the return was true or false is,
mostly, simple. Wherever should the dynamic content be on the website,
will be missing (either blank, or upon viewing the source code of the
page, one should see: "You have an error…”).
