SQL Injection
#1

I need help with SQL Injection how do I do it?
Reply
#2

I'm not sure how it would be done in a sa-mp server, attackers attack forums usually.
http://www.youtube.com/watch?v=PB7hWlqTSqs&feature=related
Reply
#3

Quote:
Originally Posted by RockingCamman
View Post
I need help with SQL Injection how do I do it?
I don't think anyone is going to give you that knowledge due to you attempting to go on servers that have SQL and injecting stuff into their databases.
Reply
#4

Quote:
Originally Posted by VincentDunn
View Post
I'm not sure how it would be done in a sa-mp server, attackers attack forums usually.
Mostly through login dialog. Most servers use the new DIALOG_STYLE_PASSWORD for that so the characters aren't visible anymore, but still ... Consider this query:
PHP Code:
SELECT id FROM playerinfo WHERE name = '%s' AND password = sha1('%s') LIMIT 1
If the pass is not escaped, one could possibly input in the dialog box:
Code:
blah') OR TRUE --
which would make the query:
PHP Code:
SELECT id FROM playerinfo WHERE name = '%s' AND password = sha1('blah') OR TRUE -- ') LIMIT 1
The double dash is the start of a comment in SQL syntax.
Reply
#5

Quote:
Originally Posted by Vince
View Post
Mostly through login dialog. Most servers use the new DIALOG_STYLE_PASSWORD for that so the characters aren't visible anymore, but still ... Consider this query:
PHP Code:
SELECT id FROM playerinfo WHERE name = '%s' AND password = sha1('%s') LIMIT 1
If the pass is not escaped, one could possibly input in the dialog box:
Code:
blah') OR TRUE --
which would make the query:
PHP Code:
SELECT id FROM playerinfo WHERE name = '%s' AND password = sha1('blah') OR TRUE -- ') LIMIT 1
The double dash is the start of a comment in SQL syntax.
How would the information be relayed back to the attacker through a sa-mp server?
Reply
#6

Any decent server that uses SQL escapes the string before using it in a query.
Reply
#7

Quote:
Originally Posted by VincentDunn
View Post
How would the information be relayed back to the attacker through a sa-mp server?
It typically wouldn't be unless the server had been outputting the returned values from the SQL query, which in theory is stupid. This type of attack would only normally be used on a SA-MP server if you already had prior knowledge of a user's ID or username.
Reply