SQL Injection

I have become very interested in SQL Injection, just for little fun stuff, but For sites that are protected against it, i.e when you type in a command, it, for lack of a better word, comments, it out so that the website is safe. Obviously the website is still vulnerable somehow, so how do, again, for lack of a better word, "pros", hack into websites that are protected against easy sql injection commands.

As far as i'm aware if they properly sanitize their data inputs it's very difficult. If they've covered their bases then you just have to start looking for other vulnerabilities.

I'd be interested in hearing on someone with more experience though. I'm not a 'hacker' and have just messed around with it for uni related courses.

Well if a site is protected the right way against SQL Injection there is no way around.

There are other ways to mess with the site, not just SQL Injection

I'm new to hacking too, what are "other vulnerabilities", what other kind of attaacks are there?

It's not just the website front end that protects the database. Good database design and the use of stored procedures and parameters versus dynamic SQL also play a role. If a web text box is filtering out bad characters but there is another way to submit SQL to a badly designed and poorly protected DB you might find a way in. However by now any website worth its salt should not be vulnerable.

What are other ways to mess with a site?

this is a great video


What are other attacks, or vulnerabilities i could look for?

  • Cross-site Scripting
  • Cross-site Request Forgery

This ^.

What is this?

I have heard of xss but what is cross-site request forgery?

you create your own page that submits un-sanitized data

I am new to hacking, what does that mean?

well, you cant learn 'hacking' first until you learn how it even works first.

if the site does not validate actions properly you can do things like for example:


Imagine sending this to a user that is logged in, he clicks the link and if the site is not protected against CSRF the operation will be successful

Definitely, i'm not trying to be an 11 spamming forums asking for people to ddos, i'm genuinely interested, so thanks for the info.

1 Like

ok, that makes sense, i think i'm gonna spend the week learning php and sql, lol, any other languages?

javascript, jquery

1 Like

i respectfully request
dont hack me bro