Dashboard Articles Playground Discussions More
Follow

Hacking mysql database

thedudeabides
11 years ago

0

Hi all, I have just setup a test local moodle site using XAMPP, which has apache server 2.4.7 and mysql 5.6.16. I am trying to hack my own database by using SQL injection. Some methods I tried include exploiting the “id=1” parameter but there are no errors when I manipulate it. Also tried to perform injection by using the login interface “admin' or 1=1”, but it doesn’t work either.

Used some injection tools like sqlmap and metasploit but I they can’t find any injection vulnerabilities either. They couldn’t even find out the database and its version. Can anyone help on this?

5replies
3voices
310views
Cyan Wind [freewind1012]
11 years ago | edited 11 years ago

0

Did you even create a SQL query? If yes, what was it?

 
![Image](https://www.hackthis.co.uk/user/userbar.png?user=freewind1012%20//%20Navigator)
thedudeabides
11 years ago

0

How do I create a SQL query? I only followed the methods from some sites but they just provide basic injection on vulnerable sites. The moodle site that I setup seems pretty secured already from the get-go…..

Hackay
11 years ago

0

Freewind means (I suppose) that if you didn’t create the query linking to your database behind the login form you use, it won’t work obviously.

Did you connect your form to the database ?

 
![Image](http://image.noelshack.com/fichiers/2014/14/1396472407-userbar.png)
thedudeabides
11 years ago

0

I suppose it is connected since I have a fully functional test website that I can login and create users etc….just that I did not write the code as it was already pre-coded the moment I installed it. It is a moodle site if anyone wants to know.

What are some other ways to hack a database?

Cyan Wind [freewind1012]
11 years ago | edited 11 years ago

0

@thedudeabides: Dude, if you know SQLi, the world knows it and how to fix it long time before you. Do you really think that someone would release an open-source platform with some well-known serious vulnerabilities? If yes, would no one / its community find it?

I assume that Moodle has some vuln because nothing is perfect (sure!!). However, it is not simple to find and to hack its database by using admin' or 1=1.

 
![Image](https://www.hackthis.co.uk/user/userbar.png?user=freewind1012%20//%20Navigator)
You must be logged in to reply to this discussion. Login
1 of 6

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss