This is not a programming question but I have no idea why I did it. Yesterday, I was going through a tutorial about ethical hacking and found a tutorial about SQL injection. It says, find an admin login.asp site and enter as follows: Admin: Admin Password: ' or '1'='1
I really don't know what that is or how it works. But when I tried the same on a website, I was shocked by the result. It gave me a warning like "... your IP address ip xxx.xxx.xxx.xxx and you may be prosecuted for this action ... etc". I was really scared by the warning. I had no intention of doing anything; I was just following the tutorial.
Can anyone tell me what will happen to me? I am really worried about this.
Even though this vulnerability has been known for over 20 years, injections still rank number 3 in the OWASP Top 10 for web vulnerabilities. In 2022, 1162 vulnerabilities of the type “SQL injection” were accepted as CVEs. So the answer is: Yes, SQL injections are still a thing.
SQL injection is a code injection technique that might destroy your database. SQL injection is one of the most common web hacking techniques. SQL injection is the placement of malicious code in SQL statements, via web page input.
What Is an SQL Injection Attack? SQL Injection (SQLi) is a popular attack vector that makes it possible for an attacker to perform malicious SQL statements for backend database manipulation or restrict the queries that an application makes to its database.
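Why the password string from the question changes the meaning of a login query, shown as an added example that is not part of the original page: the same input is run against a login check built by string concatenation and against one using a parameterized query. The `users` table, its sample row and the function names are constructed for illustration, with SQLite standing in for the site's database.

```python
import sqlite3

def make_db():
    # Constructed sample data. Plaintext password only to keep the demo short;
    # a real application stores a salted password hash.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('Admin', 'constructed-secret')")
    return db

def login_concatenated(db, username, password):
    # Vulnerable pattern: user input is pasted into the SQL text, so a quote
    # in the input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0, sql

def login_parameterized(db, username, password):
    # Hardened pattern: placeholders keep input as data, never as SQL syntax.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

if __name__ == "__main__":
    db = make_db()
    tutorial_input = "' or '1'='1"  # the password string quoted in the question
    ok, sql = login_concatenated(db, "Admin", tutorial_input)
    print("query sent to the database:", sql)
    print("concatenated login accepted:", ok)
    print("parameterized login accepted:",
          login_parameterized(db, "Admin", tutorial_input))
    # An ordinary apostrophe also breaks the concatenated query, which is a
    # useful symptom to look for when reviewing code or error logs.
    try:
        login_concatenated(db, "Admin", "it's")
    except sqlite3.OperationalError as exc:
        print("concatenated query failed on an apostrophe:", exc)
```

In the concatenated version the condition becomes `username = 'Admin' AND password = '' or '1'='1'`; `AND` binds tighter than `OR`, so the always-true `'1'='1'` makes the whole condition true for every row. The parameterized version compares the entire input against the stored password and rejects it.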
In the US, SQL injection and other types of “hacking” are illegal under various laws and regulations stemming from the Computer Fraud and Abuse Act and the Patriot Act.
To sum up what happened:
You attempted to inject SQL through whatever method you tried.
Their website was smart enough to recognize your input.
They generated an automated threat and sent it back to your browser.
I doubt you have to be worried. Their website most likely gets these kinds of attacks quite often and the amount of money they need to spend to prosecute is pretty great and that is only IF it is considered illegal in your region.
You should send them an email where you describe that you wanted to study techniques to avoid SQL injection attacks on your side. You should apologize and I'm sure there will be no problems.