HackingTruths Blog

Hello guys,
Okay forget about my SQL INJECTION QUESTION, do you know that is it possible to have something inside the ACCESS DB like stored proc in SQL?( in this case i’m looking for something looks like MASTER.DBO.XP_CMDSHELL but inside the access?!)
So the question is this, if someone have the injection inside the access db is there any command or procedure to have shell from that DB server ?
Thanks in advance,

I’m going to create my own website with a database which will store some accounts and files. what hardware requirements do i need to build the webserver?
OS?
RAM?
HardDisk?
anything else?
highest points for best answers.

I’m putting together a database (PHP/MYSQL) online, and I want to secure it from hackers.
I have heard of people hacking databases with “sql injection”, on mainstream CMSs like phpNuke.
Could those hackings be due to everyone knowing how the system works, and I would I be more safe because no one knows my database layout?
Any help or links would be great.

Or do I need to use addslashes() as well, or maybe another function all together?

How can I protect my database from (SQL injection attacks) urgent please?
How can I protect my Database against this SQL injection attacks, I need to use this PHP function:
mysql_real_escape_string()
BUT I don’t know where to paste it to make it like this
$username = mysql_real_escape_string($_POST['usernam... $link);
$pass = mysql_real_escape_string($_POST['pass'], $link);
//insert the user details
$sql = “SELECT * FROM `users` WHERE username=’{$username}’ AND pass=’{$pass}’ OR username=’admin’”;
$result = mysql_query($sql, $link);
Someone help please
Thank you

SQL injection has nothing to do with crashing a database, per say.
It is used to gain access and/or manipulate data. Why does it work?
Well, it doesn’t…all the time. When it does, it’s because someone didn’t sanitize their database inputs. The question is kinda like “Why does taking the bus work?”
Like I said, sometimes it doesn’t, it’s dependent upon other people, and it only works for a specific set of problems.
Say, you want to know the contents of a database that is accessed through a website. So, you find out what the platform is, and alter the parameters passed through the URL, or cookie, or whatever.
Or, you want to delete some records. Throw input’);DROP TABLE users;- onto the end of something that is being used as an SQL parameter, and watch the magic.

I recently learned how to code in php + mysql and i was wondering if you let anything go in the Database, what can go wrong?
I know XSS can play a deadly role, but what about SQL injection?
I keep on reading that it requires a variable to be in the URL i.e. id=3
What can people do to me and how do you do a SQL injection in my environment.