Will SQL injections get me into trouble?

@oyenkai (4394)
Philippines
September 4, 2008 7:43pm CST
I subscribed to a site and when I was accessing my account, I found out that it wasn't as secure as it should be. In the email textbox, I entered jo'hn@smith.com and received an SQL error on the next page. I wanted to try more elaborate SQL injections - the ones that I am just learning right now - but I figured that there might be laws against this and I don't want to get into trouble.
1 person likes this
2 responses
@repzkoopz (1895)
• Philippines
5 Sep 08
hmmm.. this is pretty much a wild guess.. but i think the ' causes the trouble. you mentioned that you got an error when you put jo'hn@smith.com on the email textbox. in SQL coding, the use of ' or " means whatever is in between two of these is a string. (i hope i'm on the right track here..)
2 people like this
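The quoting behaviour described in the reply above, as an added example that is not part of any post in this thread: the same lookup written with string concatenation and with a bound parameter, run against the address from the question. The `users` table, the function names and the in-memory SQLite database are assumptions made for illustration; the site's real schema and database are not known.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory table; schema and rows are illustrative only."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, name TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("jo'hn@smith.com", "John"), ("jane@smith.com", "Jane")],
    )
    return db

def lookup_concatenated(db, email):
    """Flawed pattern: the input becomes part of the SQL text itself.

    A single quote in the input closes the string literal early, so the rest
    of the address is parsed as SQL and the statement no longer compiles.
    """
    sql = "SELECT name FROM users WHERE email = '" + email + "'"
    try:
        return ("ok", db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # This is the condition the site surfaced to the visitor as an SQL error page.
        return ("sql_error", str(exc))

def lookup_parameterized(db, email):
    """Hardened pattern: the input is bound as data and never parsed as SQL."""
    rows = db.execute("SELECT name FROM users WHERE email = ?", (email,)).fetchall()
    return ("ok", rows)

if __name__ == "__main__":
    db = make_db()
    for address in ("jane@smith.com", "jo'hn@smith.com"):
        print(address, "concatenated ->", lookup_concatenated(db, address))
        print(address, "parameterized ->", lookup_parameterized(db, address))
```

An address without a quote behaves identically in both versions, which is why this kind of flaw tends to go unnoticed until a legitimate value such as O'Brien reaches the query.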
@oyenkai (4394)
• Philippines
5 Sep 08
Yeah, I actually understood what the error was. It's just that things like that kinda make you itch and wanna see how far you can get. So if I try a few more things in the login, will I get in trouble? I mean against the law kind of trouble.
1 person likes this
@oyenkai (4394)
• Philippines
5 Sep 08
but I want to try to log in as admin o.o because I think their system is THAT vulnerable. It just so happens that I've been reading a lot about SQL injections since I want to make sure that the system we're developing is secure. That's why I have a few scripts that I was itching to try. There was this one log in string that actually took more than 10 seconds to load so I decided to stop the browser because I thought it was actually retrieving everything...
1 person likes this
@repzkoopz (1895)
• Philippines
6 Sep 08
hmmm.. seems like you're a specialist in this field. i guess the best you could do is contact the webmaster and tell them what you intend to do. besides, it'll be quite useful for them since you might be pointing out to a particular security flaw in their. who knows, your instincts might just be right. c",)
@mr_mlk (364)
5 Sep 08
Get you in trouble - no, the site might mouth off but unless you actively start putting stuff like '; delete from tuser; (1) they will not be able to do anything. Inform the website and find a different provider. (1) Unless that is your name. [ http://xkcd.com/327/ ]