lol "oh she was ...( 5 months ago by skatehead0000)
lol "oh she was born in 74'"
Actually the ...( 4 months ago by paulwoody)
Actually the authentication was server based using a SQL type database.
The javascript was just basic validation on the HTML textfields prior to being sent to the database.
What the site designer / programmer should also have done was validate the text supplied from the form prior to posting to the database.
Checking for characters such as ', = and -- should be checked for to prevent an SQL injection which is what this video demonstrated.
Only .asp pages are ...( 4 months ago by crackzsl)
Only .asp pages are allowed to run SQL inject?
is their some ...( 4 months ago by pimpinallmyhoes)
is their some different stuff i have to do if its on another website and how can you tell what to put in when you so you could view it offline
what do i put in ...( 4 months ago by pimpinallmyhoes)
what do i put in for when your viewing it offline
HACKING IS FOR ...( 4 months ago by x2fusion009)
HACKING IS FOR LAMERS
can u do this on ...( 3 months ago by kelow4234)
can u do this on any website?
Did he just call it ...( 3 months ago by Quiltfish)
Did he just call it a "sequel injection technique"??
part of what he did ...( 3 months ago by JamesCappoa)
part of what he did was SQL injection
SQL(Ess,Cue,El), ...( 3 months ago by Quiltfish)
SQL(Ess,Cue,El), Sequel...Different. Not important, just annoying IMO
Yeah, n00bs ...( 2 months ago by mtfujiface)
Yeah, n00bs pronounce it Ess Cue El
It's sequel
Ok when it got to ...( 2 months ago by LegendofHalo117)
Ok when it got to the part where he searched for the Hacked.html what exactly did he enter in the address bar was it this: file:mc:/hacked.html
file:///c:/ ...( 2 months ago by jrhelgeson)
file:///c:/hacked.html
I could have accomplished the same thing by using file|open and selected the file, or just double-clicking the file and having it open in the web browser. I just wanted to keep it all in the browser window and the text editor so that non-techies could follow what I was doing without switching between applications.
The only thing you ...( 2 months ago by jrhelgeson)
The only thing you need to make SQL injections work is a SQL compliant database (which is just about all of them) that has a web server front-end.
hhm this will ...( 2 months ago by plasmaswordguy)
hhm this will certainly help me with a website of an evil person
Hello Joel I have a ...( 1 month ago by CYCLOPSONE)
Hello Joel I have a question.
A very detailed question.
You have email address?
This is all well ...( 1 month ago by Th3Hamm3r)
This is all well and good, but any sysadmin worth their salt will have patched a SQL injection exploit. Unless they are very, VERY stupid, as it's the first thing most people try.
This only works on ...( 1 month ago by CYCLOPSONE)
This only works on select websites.
Anybody know anything about accessing password protected websites?
Funny thing is, ...( 1 month ago by jrhelgeson)
Funny thing is, there isn't a generic patch against SQL injections. It all depends on the website programmer sanitizing their inputs from the SERVER SIDE not the client side, as was done here.
My video is meant ...( 3 weeks ago by jrhelgeson)
My video is meant to be educational to illustrate why it is important to validate user input on the server side, as opposed to on the client. -- Most developers have now learned to validate and sanitize their inputs and it appears the website you're trying to hack is properly built.
isn't that illegal?( 2 weeks ago by drummerforpeace)
isn't that illegal?
Only if I did it ...( 1 week ago by jrhelgeson)
Only if I did it without permission. I state in the video that I was contracted to perform a security audit on their website.
i missed that part. ...( 1 week ago by drummerforpeace)
i missed that part. whoops.
This is a ...( 4 days ago by minntc)
This is a password-protected website. jrhelgeson made only one mistake in his verbal description of his activities; in modifying and saving the source code for that website, he did not disable "all authentication", he disabled input validation. The input validation was only performed on the client side (in-browser), which is a huge no-no.
As an aside to jrhelgeson, this is a good demonstration, but labelling it as "college networks" instead of "a website", you miss a wider audience...
Cheers!
It's sequel
A very detailed question. You have email address?
Anybody know anything about accessing password protected websites?