SQL Injection - Printable Version
SQL Injection -
Swyft™ - 20.07.2012
I need help with SQL Injection. How do I do it?
Re: SQL Injection -
ReneG - 20.07.2012
I'm not sure how it would be done in a sa-mp server, attackers attack forums usually.
http://www.youtube.com/watch?v=PB7hWlqTSqs&feature=related
Re: SQL Injection -
Steven82 - 20.07.2012
Quote:
Originally Posted by RockingCamman
I need help with SQL Injection. How do I do it?
|
I don't think anyone is going to give you that knowledge due to you attempting to go on servers that have SQL and injecting stuff into their databases.
Re: SQL Injection -
Vince - 20.07.2012
Quote:
Originally Posted by VincentDunn
I'm not sure how it would be done in a sa-mp server, attackers attack forums usually.
|
Mostly through login dialog. Most servers use the new DIALOG_STYLE_PASSWORD for that so the characters aren't visible anymore, but still ... Consider this query:
PHP code:
SELECT id FROM playerinfo WHERE name = '%s' AND password = sha1('%s') LIMIT 1;
If the pass is not escaped, one could possibly input in the dialog box:
which would make the query:
PHP code:
SELECT id FROM playerinfo WHERE name = '%s' AND password = sha1('blah') OR TRUE -- ) LIMIT 1;
The double dash is the start of a comment in SQL syntax.
Re: SQL Injection -
ReneG - 20.07.2012
Quote:
Originally Posted by Vince
Mostly through login dialog. Most servers use the new DIALOG_STYLE_PASSWORD for that so the characters aren't visible anymore, but still ... Consider this query:
PHP code:
SELECT id FROM playerinfo WHERE name = '%s' AND password = sha1('%s') LIMIT 1;
If the pass is not escaped, one could possibly input in the dialog box:
which would make the query:
PHP code:
SELECT id FROM playerinfo WHERE name = '%s' AND password = sha1('blah') OR TRUE -- ) LIMIT 1;
The double dash is the start of a comment in SQL syntax.
|
How would the information be relayed back to the attacker through a sa-mp server?
Re: SQL Injection -
SuperViper - 20.07.2012
Any decent server that uses SQL escapes the string before using it in a query.
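Added example, not part of any post in this thread: the login query quoted above, built with string formatting and then with bound parameters (a swapped-in alternative to the escaping mentioned here), run against the same inputs. Assumptions: Python and an in-memory SQLite database stand in for the server script and its MySQL plugin, the function names are hypothetical, and the sample row and inputs are constructed.

```python
import hashlib
import sqlite3

def make_db():
    """In-memory database with one constructed account; names follow the thread's query."""
    db = sqlite3.connect(":memory:")
    # SQLite has no built-in sha1(), so register one to keep the thread's query shape.
    db.create_function("sha1", 1, lambda s: hashlib.sha1(str(s).encode()).hexdigest())
    db.execute("CREATE TABLE playerinfo (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    db.execute("INSERT INTO playerinfo (name, password) VALUES (?, sha1(?))",
               ("Alice", "correct horse"))
    return db

def login_formatted(db, name, password):
    """'Before': the query text is assembled with string formatting, as in the thread."""
    query = ("SELECT id FROM playerinfo WHERE name = '%s' "
             "AND password = sha1('%s') LIMIT 1;" % (name, password))
    row = db.execute(query).fetchone()
    return row[0] if row else None

def login_bound(db, name, password):
    """'After': values are bound as data and can never become SQL syntax."""
    row = db.execute(
        "SELECT id FROM playerinfo WHERE name = ? AND password = sha1(?) LIMIT 1;",
        (name, password)).fetchone()
    return row[0] if row else None

# Constructed password-field input that reproduces the second query quoted in the thread.
CRAFTED = "blah') OR TRUE -- "

if __name__ == "__main__":
    db = make_db()
    for fn in (login_formatted, login_bound):
        print(fn.__name__,
              "| correct password:", fn(db, "Alice", "correct horse"),
              "| wrong password:", fn(db, "Alice", "nope"),
              "| crafted input:", fn(db, "Alice", CRAFTED))
```

Only the formatted version returns an id for the crafted input; the bound version hashes it like any other wrong password and finds no row.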
Re: SQL Injection -
Christopher - 20.07.2012
Quote:
Originally Posted by VincentDunn
How would the information be relayed back to the attacker through a sa-mp server?
|
It typically wouldn't be unless the server had been outputting the returned values from the SQL query, which in theory is stupid. This type of attack would only normally be used on a SA-MP server if you already had prior knowledge of a user's ID or username.