SA-MP Forums Archive
SQL Injection - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+--- Thread: SQL Injection (/showthread.php?tid=361286)



SQL Injection - Swyft™ - 20.07.2012

I need help with SQL Injection how do I do it?


Re: SQL Injection - ReneG - 20.07.2012

I'm not sure how it would be done in a sa-mp server, attackers attack forums usually.
http://www.youtube.com/watch?v=PB7hWlqTSqs&feature=related


Re: SQL Injection - Steven82 - 20.07.2012

Quote:
Originally Posted by RockingCamman
I need help with SQL Injection how do I do it?
I don't think anyone is going to give you that knowledge due to you attempting to go on servers that have SQL and injecting stuff into their databases.


Re: SQL Injection - Vince - 20.07.2012

Quote:
Originally Posted by VincentDunn
I'm not sure how it would be done in a sa-mp server, attackers attack forums usually.
Mostly through the login dialog. Most servers use the new DIALOG_STYLE_PASSWORD for that so the characters aren't visible anymore, but still ... Consider this query:
PHP code:
SELECT id FROM playerinfo WHERE name = '%s' AND password = sha1('%s') LIMIT 1
If the pass is not escaped, one could possibly input in the dialog box:
Code:
blah') OR TRUE --
which would make the query:
PHP code:
SELECT id FROM playerinfo WHERE name = '%s' AND password = sha1('blah') OR TRUE -- ') LIMIT 1
The double dash is the start of a comment in SQL syntax.


Re: SQL Injection - ReneG - 20.07.2012

Quote:
Originally Posted by Vince
Mostly through the login dialog. Most servers use the new DIALOG_STYLE_PASSWORD for that so the characters aren't visible anymore, but still ... Consider this query:
PHP code:
SELECT id FROM playerinfo WHERE name = '%s' AND password = sha1('%s') LIMIT 1
If the pass is not escaped, one could possibly input in the dialog box:
Code:
blah') OR TRUE --
which would make the query:
PHP code:
SELECT id FROM playerinfo WHERE name = '%s' AND password = sha1('blah') OR TRUE -- ') LIMIT 1
The double dash is the start of a comment in SQL syntax.
How would the information be relayed back to the attacker through a sa-mp server?


Re: SQL Injection - SuperViper - 20.07.2012

Any decent server that uses SQL escapes the string before using it in a query.
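The login query Vince walks through above, and the escaping SuperViper mentions, as an added Python example that is not from the thread or from any SA-MP script: it runs the thread's query against a constructed in-memory SQLite table (the schema and the user row are assumed), once built by string formatting and once with bound parameters, which is the parameterised alternative to escaping the input.

```python
import hashlib
import sqlite3

# Constructed in-memory stand-in for the server's playerinfo table (assumed
# schema; the thread only names the table and the name/password columns).
conn = sqlite3.connect(":memory:")
# SQLite has no sha1(); register one so the thread's query runs unchanged.
# Unsalted sha1 is kept only because the thread uses it; a slow salted hash is the better choice.
conn.create_function("sha1", 1, lambda s: hashlib.sha1(str(s).encode()).hexdigest())
conn.execute("CREATE TABLE playerinfo (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
conn.execute("INSERT INTO playerinfo (name, password) VALUES (?, sha1(?))",
             ("Vince", "correct-horse"))


def lookup_unescaped(name, password):
    """Builds the query by string formatting, exactly as the thread shows."""
    query = ("SELECT id FROM playerinfo WHERE name = '%s' AND password = sha1('%s') LIMIT 1"
             % (name, password))
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def lookup_parameterised(name, password):
    """Same query with bound parameters: the input can never become SQL syntax."""
    query = "SELECT id FROM playerinfo WHERE name = ? AND password = sha1(?) LIMIT 1"
    row = conn.execute(query, (name, password)).fetchone()
    return row[0] if row else None


INJECTED = "blah') OR TRUE --"  # the dialog input quoted in the thread
```

With the formatted query the comment swallows the closing `') LIMIT 1` and the `OR TRUE` matches every row, so the lookup returns an id without the password; with bound parameters the same input is just a password that does not match.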


Re: SQL Injection - Christopher - 20.07.2012

Quote:
Originally Posted by VincentDunn
How would the information be relayed back to the attacker through a sa-mp server?
It typically wouldn't be unless the server had been outputting the returned values from the SQL query, which in theory is stupid. This type of attack would only normally be used on a SA-MP server if you already had prior knowledge of a user's ID or username.