did something stupid today..hope it's not serious

today i read about sql injection etc... i wanted to try it on 2 sites...(these are 2 sites i very often visit and like very much)...i just wanted to see whether they were sql injection proof....nothing malicious... would have informed the webmaster if they weren't..

but now feeling guilty and worried... is it serious what i did??

 

What did you do?

 

just a very minor sql injection trick to login without an account... i was just experimenting... i experimented on my own website and my site was vulnerable lol... just discovered about sql injection today

 

it's bad. I cant believe there is still sql injection exists

 

Don't do it

 

yeah i was just experimenting..won't do it again

 

Most programmer often forget to filter up sql injection when they are coding their site. Did you tell the guy after you did it?

 

man,it is hacking what you did.Please don't do it again or you will fall in trouble.
So far as i know it is used for hacking private things like username or passwords and etc thing.
Please donot try it ever!

 

i never even heard of it before. lol

 

You are such a script kiddie! At least you have conscience


Don't worry about it, youl be fine. But if you do get caught you will have problems explaining what you did. Experiment excuse might not work. Just don't do it again.

 

yep won't do it again.... was just curious whether people are protected or not against sql injection... apparently most are aware of it.... and at least with this thread some are now aware about sql injection....

btw any good guide to protect against sql injection..i just used addslashes() in php..it's not sufficient i guess isn't it?

 

Well i guess most php scripts have some sort of vulnerability. Its just too easy to write something quickly and sell it. Even more serious scripts like VB update all the time as more holes are discovered.

 

interesting. I will have to do some reading about SQL injection and make my sites safe ...

 

Many programmers don't clean queries. If you didn't do any permanent damage, you are fine. Ive hacked more login systems then I can count, I take a screenshot in the admins account then email him. I have no care to do any damage to a site, I offer my services to them however.

Its a good business tactic, I've never ran into anyone who was mad for what I did. They also trust the knowledge of someone who can hack.