hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
Full Version: Sql Injection Game
GovernmentSecurity.org > The Archives > Exploit Articles
boshcash
Nov 29 2003, 02:13 PM
http://www.hackingzone.org/sql/ its a SQL injection game , so it just trains ppl to sql inject nothing more , if anybody have a good DETAILED tutorial about SQL injection , i would appreciate it , thnx
coder
Nov 29 2003, 02:19 PM
Sorry for just posting a google link, but this search came up with a lot of good resources...

http://www.google.com/search?q=SQL%20Injec...=utf-8&oe=utf-8

Remember guys/gals- Please do little searching before you post, this could have easily been a "Hey all, look what i found!" post, instead of it being a "Where do i find this..." post...

oh, and thanks for the wargame link- these can be fun (and sometimes even informative biggrin.gif ) .

-have a great day!
TedOb1
Nov 29 2003, 06:02 PM
I wouldn't exactly call this a tutorial, more of a training device. It requires appache (win32 is fine), TomCat and the Jave SDK 5.0 or better

http://www.owasp.org/development/webgoat

About WebGoat

Web application security is difficult to learn and practice. Very few people have full blown web applications like online book stores or online banks that can be used to search for vulnerabilities. In addition, security professionals frequently need to test tools against a known vulnerable platform to ensure they perform as advertised.

All of this needs to happen in a safe and legal environment; we believe you should never attempt to find vulnerabilities without permission, even if your intentions are good.

WebGoat is based on the concept of teaching a user a real world lesson and then asking the user to demonstrate their understanding by exploiting a real vulnerability on the local system. The system is even clever enough to provide hints and show the user cookies, parameters and the underlying Java code if they choose. Examples of lessons include SQL injection to a fake credit card database, where the user creates the attack and steals the credit card numbers.

Current lessons include;

Cross Site Scripting
SQL Injection
Thread Safety
Hidden Form Field Manipulation
Parameter Manipulation
Weak Session Cookies
Fail Open Authentication
Dangers of HTML Comments
boshcash
Nov 29 2003, 06:49 PM
thnx alot guys for ur help
sh@dy
Dec 5 2003, 04:11 AM
Pretty Cool site...
Andy
Dec 6 2003, 08:34 AM
kinda like those hackit wargames smile.gif fun in spare timelol
skydance
Dec 6 2003, 08:55 AM
webgoat is so neat tongue.gif i cant wait for the next version...
dissolutions
Dec 6 2003, 09:55 AM
this forum has a lot of tutorials in it as well
UnDeRTaKeR
Dec 6 2003, 10:13 AM
10q all!
shaun2k2
Dec 6 2003, 10:25 AM
Yeah, that wargame is pretty cool, I know the person who runs it - I'm sure he appreciates the publicisation of it, thanks.

Please guys, we're trying to weed out the crap here - search google first. We're not magical you know. Searching for "sql injection paper" will return great results; what makes you think we can do better than that?

Also Comsec has written a basic tutorial on SQL injection - read that first to get the ideas before progressing onto the more complex stuff.


-Shaun.
Checkz
Dec 7 2003, 08:04 AM
funny for sure smile.gif
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.