SQL Injection
Hey, I am pissed at a community due to the admins not giving a shit about a rulebreaker due to the fact he is a friend of the owners. So I decided to step up and do something myself.
So… I am gonna do a SQL Injection to their site.
Few questions though:
1: What software do I use to execute the Injection?
2: Any way to prevent getting caught? (Example: doing a SQL Injection from one country to a server in another country.)
There are many ways to use SQL injection. You could do it manually by just adding to the URL
www.site.com/index.php?id=79 order by 1--
or you could use one of the many SQLi programs such as Havij and SQLMap.
Coolet has a great post for SQL injection here :)
To try and prevent getting caught you can look into using Tor or VPNs; these will change your IP.
Though be aware you could get in trouble if caught :/
I would love to change the world, but they won’t give me the source code.
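Seen from the site owner's side, a request like the `id=79 order by 1--` one quoted above only reaches the SQL parser when the handler concatenates the parameter into the query text. The following is an added example, not part of the thread: the `pages` table, its sample row and all function names are assumptions made for illustration, using Python's `sqlite3`.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the site's content table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("INSERT INTO pages VALUES (79, 'News')")
    return conn

def lookup_concatenated(conn, raw_id):
    # Vulnerable pattern: the request value becomes part of the SQL text,
    # so everything after the number is parsed as SQL by the database.
    return conn.execute("SELECT title FROM pages WHERE id = " + raw_id).fetchall()

def lookup_bound_only(conn, raw_id):
    # Bound parameter without validation: the whole string is one value,
    # it matches no integer id and cannot alter the statement.
    return conn.execute("SELECT title FROM pages WHERE id = ?", (raw_id,)).fetchall()

def lookup_parameterized(conn, raw_id):
    # Hardened pattern, layer 1: accept only a short plain decimal id.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 18):
        raise ValueError("id must be a decimal integer")
    # Layer 2: bind the value so it can never change the query structure.
    return conn.execute("SELECT title FROM pages WHERE id = ?", (int(raw_id),)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    probe = "79 order by 1--"  # the parameter value quoted in the post above
    print("concatenated :", lookup_concatenated(conn, probe))
    print("bound only   :", lookup_bound_only(conn, probe))
    try:
        lookup_parameterized(conn, probe)
    except ValueError as exc:
        print("parameterized: rejected,", exc)
    print("parameterized:", lookup_parameterized(conn, "79"))
```

Rejections raised in `lookup_parameterized` are also a useful thing to log, since a legitimate client never sends a non-numeric `id`.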
If you're using Tor then it would make it harder for them to trace you. Tor relays the site you're visiting/attacking through multiple gateways (relays run by volunteers), each having a different IP. It is still possible to trace by asking each service provider who accessed the attacked site/server at that time, then in turn tracing that IP to a service provider and repeating until you reach the end of the trail. So to answer your question, yes, it probably would be harder as there would be more service providers involved and some keep their logs for as little as 6 months, so depending on the amount of relays used you may never be found.
I would love to change the world, but they won’t give me the source code.
BestukVPN may not be the best one to use for what you want to do, first thing I saw on their website was >No illegal activities allowed with the service. In case of abuse, users' VPN access log is subjected to expose to related authorities.
If the website is exploitable through SQL injection then it would be a case of finding out all the table and field names and working out which one is for admins. Some may use a separate table for administrators whereas others may just use a value within a field in a table called members or similar. You won't know until you look.
Again I will say you will most likely get in trouble if caught and you are saying about taking their permissions away and applying them to your account, this is a really bad idea as it will basically tell them you were the one to hack it :D
This all seems a lot of effort just because of a rule breaker. Are you sure there’s no other way you can resolve it? For example: use a different site, complain, get people to complain with you <– If you get people to complain with you and essentially boycott it then even if it's a friend of the admin I’m sure they wouldn’t want to lose all their users because of their mate. There's always more than one way to achieve your goals :)
I would love to change the world, but they won’t give me the source code.
Well, I recommend you, instead of using Havij, use your mind… research about SQL injection, learn it. Havij won’t help you.
- _BaMbOo_-