MakeWebGames

ADVANCE SQL EXPLOITS



I AM A CREATOR OF MANY SQL EXPLOITS, THAT ARE USED. THEY ARE PRETTY EASY TO MAKE IF YOU UNDERSTAND IT BUT THE MORE COMPLICATED ONES COULD DAMAGE MOSTLY ANY GAME AND SOMETIMES TAKE WEEKS OR A MONTH OR TWO TO CREATE THESE DEPENDING ON THE NATURE OF THE GAME YOU WANT TO EXPLOIT. A GOOD SERVER AND A BACKED UP DATABASE WILL BE MUCH HARDER TO EXPLOIT THAN OTHERS.


Re: ADVANCE SQL EXPLOITS

yea sure

so you do know that 99% use a MySQL server instead of a SQL server

good luck and caps won't help, we do hear your fables

also if you really would exploit, better start to hide yourself better instead of using your ISPs connection


Guest Anonymous

Re: ADVANCE SQL EXPLOITS

Oh do grow up you stupid little child, we are not in the slightest bit interested in whether you can create these so called SQL exploits. Why? Because of all the types of attacks against a machine, that is the easiest to detect, block and prevent.

When you finally manage to learn a subject and a set of skills worthy of somebody with an IQ *above* ambient room temperature feel free to come back and enter into a grown up discussion.


Re: ADVANCE SQL EXPLOITS

 

I AM A CREATOR OF MANY SQL EXPLOITS, THAT ARE USED. THEY ARE PRETTY EASY TO MAKE IF YOU UNDERSTAND IT BUT THE MORE COMPLICATED ONES COULD DAMAGE MOSTLY ANY GAME AND SOMETIMES TAKE WEEKS OR A MONTH OR TWO TO CREATE THESE DEPENDING ON THE NATURE OF THE GAME YOU WANT TO EXPLOIT. A GOOD SERVER AND A BACKED UP DATABASE WILL BE MUCH HARDER TO EXPLOIT THAN OTHERS.

d**k heads like you what destroy games what do you get out of it?


Re: ADVANCE SQL EXPLOITS

 

I AM A CREATOR OF MANY SQL EXPLOITS, THAT ARE USED. THEY ARE PRETTY EASY TO MAKE IF YOU UNDERSTAND IT BUT THE MORE COMPLICATED ONES COULD DAMAGE MOSTLY ANY GAME AND SOMETIMES TAKE WEEKS OR A MONTH OR TWO TO CREATE THESE DEPENDING ON THE NATURE OF THE GAME YOU WANT TO EXPLOIT. A GOOD SERVER AND A BACKED UP DATABASE WILL BE MUCH HARDER TO EXPLOIT THAN OTHERS.

di*k heads like you what destroy games what do you get out of it?

I doubt he's the kind of d**k head that destroys games, don't think he could...

Maybe just knows a few pre-made injections that only work on new / insecure games if lucky...

I don't see how a backed up database will make it harder to find exploits, it's just a backup for the owner. Won't affect the code.

Server wouldn't really affect it much either, it's mainly based on your code (queries).


Re: ADVANCE SQL EXPLOITS

 

Oh do grow up you stupid little child, we are not in the slightest bit interested in whether you can create these so called SQL exploits. Why? Because of all the types of attacks against a machine, that is the easiest to detect, block and prevent.

When you finally manage to learn a subject and a set of skills worthy of somebody with an IQ *above* ambient room temperature feel free to come back and enter into a grown up discussion.

Wow Krisler you might need some of this.

n_burnoint_lg.jpg


  • 1 month later...

Re: ADVANCE SQL EXPLOITS

 

I AM A CREATOR OF MANY SQL EXPLOITS, THAT ARE USED. THEY ARE PRETTY EASY TO MAKE IF YOU UNDERSTAND IT BUT THE MORE COMPLICATED ONES COULD DAMAGE MOSTLY ANY GAME AND SOMETIMES TAKE WEEKS OR A MONTH OR TWO TO CREATE THESE DEPENDING ON THE NATURE OF THE GAME YOU WANT TO EXPLOIT. A GOOD SERVER AND A BACKED UP DATABASE WILL BE MUCH HARDER TO EXPLOIT THAN OTHERS.

God, you must be sad... exploiting is like fighting with a machine, which doesn't react back/talk.


  • 3 weeks later...
  • 2 weeks later...

Re: ADVANCE SQL EXPLOITS

 

Oh do grow up you stupid little child, we are not in the slightest bit interested in whether you can create these so called SQL exploits. Why? Because of all the types of attacks against a machine, that is the easiest to detect, block and prevent.

When you finally manage to learn a subject and a set of skills worthy of somebody with an IQ *above* ambient room temperature feel free to come back and enter into a grown up discussion.

Wow Krisler you might need some of this.

n_burnoint_lg.jpg

XD :-)

It might come in handy XD


Re: ADVANCE SQL EXPLOITS

Not to say anything bad but for one of nyna's comments:

Oh do grow up you stupid little child, we are not in the slightest bit interested in whether you can create these so called SQL exploits. Why? Because of all the types of attacks against a machine, that is the easiest to detect, block and prevent.

When you finally manage to learn a subject and a set of skills worthy of somebody with an IQ *above* ambient room temperature feel free to come back and enter into a grown up discussion.

I have to say that SQL injection may be the "kiddiest" method of hacking, but it has shown some impressive results:

* On October 26, 2005, Unknown Heise readers replaced a page owned by the German TV station ARD which advertised a pro-RIAA sitcom with Goatse using SQL injection

* On November 01, 2005, A high school student used a SQL injection to break into the site of a Taiwanese information security magazine from the Tech Target group and steal customer's information.

* On January 13, 2006, Russian hackers broke into a Rhode Island government web site and allegedly stole credit card data from individuals who have done business online with state agencies.

* On March 29, 2006, Susam Pal discovered a SQL injection flaw in an official Indian government tourism site.

* On March 2, 2007, Sebastian Bauer discovered a SQL injection flaw in the knorr.de login page.

* On June 29, 2007, a hacker defaced a Microsoft U.K. web page using SQL injection. U.K. website The Register quoted a Microsoft spokesperson acknowledging the problem.

* On August 12, 2007, The United Nations web site was defaced using SQL injection.

* In January 2008, tens of thousands of PCs were infected by an automated SQL injection attack that exploited a vulnerability in Microsoft SQL Server.

* On April 13, 2008, Sexual and Violent Offender Registry of Oklahoma shuts down site for 'routine maintenance' after being informed that 10,597 social security numbers from sex offenders had been downloaded by SQL injection

* In May 2008, a server farm inside China used automated queries to Google's search engine to identify SQL server websites which were vulnerable to the attack of an automated SQL injection tool.

* In May 2008, discussion groups covering identity theft problems faced by Lifelock's president exploited a SQL Injection vulnerability in Lifelock's server that would result in yearly membership for $0.00.

* In July 2008, Kaspersky's Malaysian site was hacked by Turkish hacker going by the handle of "m0sted", who claimed to have used SQL injection.

* In 2008, at least April through August, a sweep of attacks began exploiting the SQL injection vulnerabilities of Microsoft's IIS web server and SQL Server database server. The attack doesn't require guessing the name of a table or column, and corrupts all text columns in all tables in a single request. An HTML string is appended to each value that references a malware JavaScript file. When that database value is later displayed to a website visitor, the script attempts several approaches at gaining control over a visitor's system. The number of exploited web pages is estimated at 500,000.

* In August 2008, Subeta, a virtual pet site, had to rollback their database to a backup version, due to an attack using a SQL Injection.

In February 2007 another SQL injection attack was used to steal the passwords of all users.

So as you can see SQL injections aren't all that "kiddie".....


Re: ADVANCE SQL EXPLOITS

As impressive as that list is, it is only "anecdotal evidence".

 

(2) Evidence, which may itself be true and verifiable, used to deduce a conclusion from which it does not follow, usually by generalising from an insufficient amount of evidence. For example "my grandfather smoked like a chimney and died healthy in a car crash at the age of 99" does not disprove the proposition that "smoking markedly increases the probability of cancer and heart disease at a relatively early age". In this case, the evidence may itself be true, but does not warrant the conclusion.

One could take other types of attacks and generate an equally impressive list.

Neither of those lists speaks to the difficulty of the attacks because it is unknown how secure all or any of those sites are. I think perhaps we are to assume that because names like Microsoft are tossed around in there, security would be of higher caliber. Shall I drop another name, WINDOWS. lol ;)

Nyna's statement stands I think. It is easy for semi experienced programmers to block sql injection. It's a lot easier than constructing regex's (IMHO).

 

But, there's no question that the list presented demonstrates real damage can be achieved with the use of sql injections.


Guest Anonymous

Re: ADVANCE SQL EXPLOITS

Agreed. A company I was recently employed by had an interesting little exploit that took two of us a bottle of wine, a simple baby application written in Microsoft Access (of all things) and notepad, a couple of hours to write a system that injected data straight through their system bypassing all payment systems.

This issue was simply resolved by the addition of the equivalent of mysql_real_escape_string.

The company, having been told about the possible exploit and the high probability of others lurking throughout their code, decided to use a third party group to make the changes.

Needless to say, they screwed up big time, allowing some sneaky individuals in and costing circa $100,000. Our fix would have been around $2,000.

Shame, these things do happen a lot and even the most experienced developers can make simple mistakes and forget that one little function call.

As a group, my peers and I often check each other's code for issues, with brute force attacks, hunting for common mistakes and a visual inspection of the code. Only once we are happy do we release the code into the wild, and even then, any possible issues that we discover force a reappraisal of any existing code.

lol @ constructing regex's -- Yep, you hit that nail nicely. regex is a wonderful tool, however for blocking of possible SQL exploits, rather poor. There are just too many ways to write a statement for even very experienced regex'ers to cope with. Using the (database) engine's own escaping mechanism is far safer.


  • 4 months later...
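
The point made in the post above (a keyword regex is a poor SQL injection defence compared with letting the database layer handle the value), shown as an added example that is not part of the original thread. It uses Python's sqlite3 with bound parameters in place of the PHP/MySQL escaping call named in the post; the `users` table, its rows, the blacklist pattern and the sample inputs are all constructed for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; the table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, money INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", 100), ("O'Brien", 250), ("bob", 50)])
    return db

# A keyword blacklist of the kind the post calls "rather poor" (constructed).
BLACKLIST = re.compile(r"\b(union|select|drop|insert|delete|update)\b|--|;", re.I)

def regex_allows(value):
    return BLACKLIST.search(value) is None

def lookup_concat(db, name):
    # Vulnerable "before": the value becomes part of the SQL text itself.
    sql = "SELECT name, money FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, name):
    # Hardened: the value is bound by the driver and is never parsed as SQL.
    return db.execute("SELECT name, money FROM users WHERE name = ?",
                      (name,)).fetchall()

def compare(db, value):
    """Return (filter verdict, rows via concatenation, rows via binding)."""
    try:
        concat = lookup_concat(db, value)
    except sqlite3.OperationalError:
        concat = "syntax error"
    return regex_allows(value), concat, lookup_bound(db, value)

if __name__ == "__main__":
    db = make_db()
    for value in ["alice", "O'Brien", "x' OR 'a'='a", "drop-bear"]:
        print(repr(value), compare(db, value))
```

The filter passes both quote-bearing inputs that change the concatenated statement and rejects the harmless name `drop-bear`, while the bound query returns the correct rows for all four inputs.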

Re: ADVANCE SQL EXPLOITS

This is a joke right??? SQL injections take a matter of minutes to make, you just need common sense and a realisation of what a SQL injection does and how it acts. You're chatting Sh** and I believe you should do what Nyna said and "grow up".

Also if you make these so called injections you are also very stupid as it's your type of people who ruin people's hard work and effort.
