SQL Injection Pt. 2
warweed12
2008-12-09, 01:31
Since I got so much popularity in the first thread, I think I may start creating a few more. Mods, please lock the first thread.
I'm looking for a good candidate site for SQL injection pt. 2, with a difficulty level of easy, hopefully a simple forum injection. Anyone have anything they wish to share?
For those of you who are into advanced challenges, here is one for you:
http://store.easypointatm.com (http://store.easypointatm.com/) I think those who get it will be in for a great surprise
http://www.scdl.net/studentcentre.asp
http://www.psychiatrist.com/
Shoplifter
2008-12-09, 02:17
I got this for the warweed's:
http://upload-fast.com/files/f22e2de9849bd2eb6d875436be501b82.jpg (http://upload-fast.com/?url=f22e2de9849bd2eb6d875436be501b82.jpg)
For wargasm's first:
http://upload-fast.com/files/db22d5524b261bd2aebc775ca1e34d12.jpg (http://upload-fast.com/?url=db22d5524b261bd2aebc775ca1e34d12.jpg)
trippson
2008-12-09, 02:19
same here
http://i157.photobucket.com/albums/t45/t1337/Screenshot-1.png
Shoplifter
2008-12-09, 02:31
Super easy one:
http://www.udesa.co.za/admin/login.asp
trippson
2008-12-09, 02:41
Super easy one:
http://www.udesa.co.za/admin/login.asp
http://i157.photobucket.com/albums/t45/t1337/Screenshot-2.png
lol:D
http://i157.photobucket.com/albums/t45/t1337/Screenshot-3.png
Shoplifter
2008-12-09, 02:47
http://i157.photobucket.com/albums/t45/t1337/Screenshot-2.png
lol:D
Nice, I'll be looking for more.
warweed12
2008-12-09, 03:42
same here
http://i157.photobucket.com/albums/t45/t1337/Screenshot-1.png
Strange, that's not what I have. Can I ask what string you used?
For wargasm's first:
http://upload-fast.com/files/db22d5524b261bd2aebc775ca1e34d12.jpg (http://upload-fast.com/?url=db22d5524b261bd2aebc775ca1e34d12.jpg)
Have a look in the source, I think the passwords are stored in plaintext :) That's not the password for his hotmail though, so try changing users. I bet some of them are the same.
This one looks fun:
http://upload-fast.com/files/f87eccd537faa6a94aee6d06c5796d51.JPG (http://upload-fast.com/?url=f87eccd537faa6a94aee6d06c5796d51.JPG)
trippson
2008-12-09, 16:55
Have a look in the source, I think the passwords are stored in plaintext :) That's not the password for his hotmail though, so try changing users. I bet some of them are the same.
This one looks fun:
http://upload-fast.com/files/f87eccd537faa6a94aee6d06c5796d51.JPG (http://upload-fast.com/?url=f87eccd537faa6a94aee6d06c5796d51.JPG)
Yeah, it is stored in plain text and I tried to log on to his hotmail too and it said something about an invalid email... but anyway, in the first thread, the site downeast.ca, their password is stored in cleartext if you look in the source of the page.
Yeah, it is stored in plain text and I tried to log on to his hotmail too and it said something about an invalid email... but anyway, in the first thread, the site downeast.ca, their password is stored in cleartext if you look in the source of the page.
Yeah, I managed to get it to recognize the address, password didn't work though. Just need to find out how to change users. I know the command required, but I can't seem to find any other usernames on the site, so will need to DROP the relevant table me thinks. From there change to a different user, and try out their credentials. I imagine psychiatrists would receive some interesting emails :)
DarthVader77
2008-12-10, 02:53
Super easy one:
http://www.udesa.co.za/admin/login.asp
lol did u do the "fuck you" write ins? or was it someone else?
warweed12
2008-12-10, 07:08
OK, so most of us who have been following the SQL injection forums have gotten all the links. Anyone else got something?
Also, I would be interested in taking this off totse and perhaps moving it to my site so we can play with a few more "controversial" sites ....
Would any of you be interested? This way we can talk a bit more freely with less traffic ... and I can limit who sees the conversation ....
Not so much as a team or army, but a group of people who have basic skill who are looking to improve on themselves
Expl0itz
2008-12-10, 07:14
OK, so most of us who have been following the SQL injection forums have gotten all the links. Anyone else got something?
Also, I would be interested in taking this off totse and perhaps moving it to my site so we can play with a few more "controversial" sites ....
Would any of you be interested? This way we can talk a bit more freely with less traffic ... and I can limit who sees the conversation ....
Not so much as a team or army, but a group of people who have basic skill who are looking to improve on themselves
Tis a good idea. Let's keep conversation about THIS SQL injections stuff here, and we can move the more 'controversial' stuff to your site.
warweed12
2008-12-10, 07:20
sounds like a plan so we shall post easy non harmful crap here and more controversial theoretical and such on my site
you may register on my site at
http://warweed.com/signup.php
and the restricted forum is
http://warweed.com/plugins/forum/forum_viewforum.php?27
please post your warweed.com user name here .... and I shall set your user class within 24 hours so you can view the forum of the link I posted above
Expl0itz
2008-12-10, 08:12
Mine is the same as it is here.
ParkedCar
2008-12-10, 10:04
Ok, I registered at your website. My username at warweed.com is ParkedCar.
FailedArtifact
2008-12-10, 11:14
I think that we should collectively put information into a large article, so that people can get started, or get help from it. Then it can be uploaded to your site.
I still need to do a bit of research on SQL injections. I kinda understand the concept (at least the SQL part, after doing a year or on SQL at college), but need some source of information for the basic understanding. What I don't understand is HOW 1' or '1'='1 works in the password field, or how 100' or '2'='1 still works the same?
But I'll do my research and come back here and tell you what I found out (for others in the same position).
Edit: https://www.criticalsecurity.net/index.php?showtopic=10&pid=66&mode=threaded&start=
Here's a good start guide. I also found that with the SQL injection of the 'down east site', the injection can be just [ ' or ' ], which I find weird.
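An added example (not written by any poster in this thread) for the question above about the password field: a constructed SQLite login check, first with the query built by string concatenation and then with bound parameters. The table, the account and the function names are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    """In-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    # Plaintext only to keep the query readable; real code stores a salted hash.
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-sample-pw')")
    return db

def build_concat_sql(name, password):
    """Vulnerable pattern: user input is pasted into the SQL text."""
    return ("SELECT name FROM users WHERE name = '" + name +
            "' AND password = '" + password + "'")

def login_concat(db, name, password):
    try:
        return db.execute(build_concat_sql(name, password)).fetchone() is not None
    except sqlite3.Error:
        return False  # the input broke the statement's syntax

def login_parameterized(db, name, password):
    """Hardened pattern: input is bound as data and never parsed as SQL."""
    row = db.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (name, password),
    ).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    # The correct password, then the two strings quoted in the post above.
    for pw in ["constructed-sample-pw", "1' or '1'='1", "100' or '2'='1"]:
        print(repr(pw))
        print("  query text   :", build_concat_sql("admin", pw))
        print("  concatenated :", login_concat(db, "admin", pw))
        print("  parameterized:", login_parameterized(db, "admin", pw))
```

In the concatenated form the quote in the input ends the string literal, so `or '1'='1'` is parsed as part of the WHERE clause and the condition holds for every row; with bound parameters the same input is compared as a plain string and fails. In this constructed query the `'2'='1'` input appends a false condition, so both versions reject it.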
sounds like a plan so we shall post easy non harmful crap here and more controversial theoretical and such on my site
you may register on my site at
http://warweed.com/signup.php
and the restricted forum is
http://warweed.com/plugins/forum/forum_viewforum.php?27
please post your warweed.com user name here .... and I shall set your user class within 24 hours so you can view the forum of the link I posted above
Yeah, I registered the other night. Made a thread as well.
trippson
2008-12-10, 16:31
I registered a while back as trippson, so add me:D
FailedArtifact
2008-12-10, 17:03
Me too, as Failedartifact.. though I can already see the forum...
Shoplifter
2008-12-10, 20:02
I registered under the same username.
warweed12
2008-12-10, 23:55
lol you guys depress me lol ... after all this SQL crap you guys register on my site probably knowing my passwords are MD5 lol and yet you pick passwords retardedly easy ;) especially Expl0itz lol c'mon least pick something semi secure
http://i33.tinypic.com/1zlsr4g.jpg i see j00 ALLLL lawlz
lol you guys depress me lol ... after all this SQL crap you guys register on my site probably knowing my passwords are MD5 lol and yet you pick passwords retardedly easy ;) especially Expl0itz lol c'mon least pick something semi secure
http://i33.tinypic.com/1zlsr4g.jpg i see j00 ALLLL lawlz
I deliberately made mine insecure. Well, sort of. I didn't want to use any of my usual passwords, seeing as it's your site, so I just used a random pass. Nothing personal :)
scovegner
2008-12-11, 00:09
I've got an account there now .. same name :)
FailedArtifact
2008-12-11, 00:11
HAHHA me too, i thought i would create a really easy password not used before.. We are more clever than you think Warweed!
warweed12
2008-12-11, 01:19
hahaha can't blame me for trying :P
Expl0itz
2008-12-11, 01:40
hahaha can't blame me for trying :P
Yeah dude... cmon. That might work for the people who don't know better. =)
I can feel password harvesting before it happens. Almost like a sixth sense... lol ;)
warweed12
2008-12-11, 01:44
haha you and me both :P
dfgremnantsunleashed
2008-12-11, 01:55
I am in,
Dfg <-----
Password isn't that secure :(.
Edit: I did a run on 5 different sites and it's ahem....... I hope OP doesn't expose the password :(.
*changes Totse password.
oddballz194
2008-12-11, 03:19
I hope OP doesn't expose the password :(.
Well, I know he won't post the password on THIS site, or he'll get banned or demodded. He knows well enough about that. At the very least, he'd get a rather long, hard talk with Zok or acidmelt.
warweed12
2008-12-11, 05:41
I am very much a white hat "hacker", maybe borderline grey hat. One thing you have to know is I would never use your passwords without your expressed consent, nor would I steal them or harvest them .... I know better than that...
if only you knew how much sensitive stuff I have stumbled into that I could have made LARGE sums of money lol
I have a lot of morals when it comes to what I do ... but I still like to know I can do something and like to learn
I registered on your site as RadioFree.
dfgremnantsunleashed
2008-12-11, 09:37
Well, I know he won't post the password on THIS site, or he'll get banned or demodded. He knows well enough about that. At the very least, he'd get a rather long, hard talk with Zok or acidmelt.
I was just pulling his leg ;), but still thanks for the support.
I am very much a white hat "hacker", maybe borderline grey hat. One thing you have to know is I would never use your passwords without your expressed consent, nor would I steal them or harvest them .... I know better than that...
if only you knew how much sensitive stuff I have stumbled into that I could have made LARGE sums of money lol
I have a lot of morals when it comes to what I do ... but I still like to know I can do something and like to learn
No, don't worry. I just made up the password just for your site. Btw it is one of the strongest passwords in use right now (by me). I would love it if you can test it out. I mean it will only help me in the long run ;).
warweed12
2008-12-11, 20:34
I don't have any users by "DFG"
Hey warweed, I'm interested in this SQL injection and I'm also looking to join your group on your own website. I was referred by trippson who I do know in RL.
Here are some sites that I got into by injection.
http://i409.photobucket.com/albums/pp174/Roorlux/udesa.jpg
http://i409.photobucket.com/albums/pp174/Roorlux/micmac.jpg
I know that they are probably 2 of the easiest sites to get into using the ' or ' code..
dfgremnantsunleashed
2008-12-12, 07:58
I don't have any users by "DFG"
Done, it's activated.
scovegner
2008-12-12, 13:12
https://www.downeast.ca/admin/B2B/B2BAccountList.asp
teeheehee
warweed12
2008-12-12, 22:58
Hey warweed, I'm interested in this SQL injection and I'm also looking to join your group on your own website. I was referred by trippson who I do know in RL.
Here are some sites that I got into by injection.
http://i409.photobucket.com/albums/pp174/Roorlux/udesa.jpg
http://i409.photobucket.com/albums/pp174/Roorlux/micmac.jpg
I know that they are probably 2 of the easiest sites to get into using the ' or ' code..
Down East was the site I posted in my previous thread, and I posted the injection, and the second one was easier than fuck ..
do you have anything new you may be able to offer up by chance ?