SQL injection is the technique of inserting your own, specially crafted SQL into a database query, in order to ‘disturb’ and ‘trick’ the database into doing anything from logging you in to giving up the entire layout of the database, known as a database footprint.
SQL injections are your best bet for website passwords and logins (don’t expect the whole web to be hackable by this; only if you’re really pro, I would say yes).

If I were you, I would study up on PHP, HTML and ASP, since those are the languages most commonly used in conjunction with SQL servers, and (naturally) learn a lot of SQL. Also keep in mind that there are many different flavors of SQL server, like PostgreSQL, MySQL and MS SQL (not to be a dick, but about the last flavor of SQL, hah).

Let me show you something in PHP:

CODE

// Deliberately vulnerable login (no escaping, as noted below):
// the user's input is pasted straight into the SQL string.
// Connection details are assumed, not part of the original snippet.
mysql_connect('localhost', 'dbuser', 'dbpass');
mysql_select_db('app');

$username = $_POST['userlogin'];
$password = $_POST['passlogin'];
$query = mysql_query("SELECT * FROM users WHERE user='$username' AND password='$password'");
$rows = mysql_fetch_row($query);

// mysql_fetch_row() returns false when no row matched; false == 0 in PHP.
if ($rows == 0) {
    die('Wrong login, please try again.');
}

Anyways, the way this works is that it gets the values from the login form using PHP’s special built-in global array, $_POST. Then it stores those values in variables and pastes them into the query string held in $query, so that the values from the earlier $username and $password variables are checked against the database; remember this. It then runs the query against the database and checks whether $rows holds ONE ROW selected from the database using $query. The reason we only get one row is that mysql_fetch_row() fetches just a single row from the result, namely the matching user and password. After all, you don’t want to select two rows from a database when using a login script, unless you’re retarded. However, if it can’t find the one row that meets all the requirements, it terminates and makes you start over. The reason it does this is that mysql_fetch_row() returns false when nothing matched, and in PHP’s loose comparison 0 is the equivalent of ‘false’, so the if statement is basically saying “If selecting ANY rows from the database comes out false, do this…”. So, remember, in booleans, 0 == false and 1 == true.
Also, for PHP experts, note that I left addslashes() out on purpose.

Now, let’s say I log in with

username: bodoh
password: anjingsss

This is how the query inside $query will look once the variables are filled in.

CODE

$query = mysql_query("SELECT * FROM users WHERE user='bodoh' AND password='anjingsss'");

See? Pretty simple. But what if john was the administrator, and I did this:

username: bodoh
password: ' OR ''=' OR '1'='1

The query would then pass like this:

CODE

$query = mysql_query("SELECT * FROM users WHERE user='john' AND password='' OR ''='' OR '1'='1'");

Now, as you can imagine, that pretty much confuses the living shit out of the database, since you have put the SQL clause OR into the password slot. And, as you can see, an empty string is always equal to an empty string and 1 is always equal to 1, so the WHERE clause is true for every row and it logs you in, since the requirements are “met”. That is only if they don’t have addslashes on; otherwise, that wouldn’t work.

Now, here is a slightly more advanced one entered in the URL bar:

gabanbodoh.com/user.asp?id=1337 UNION SELECT TOP 1 TABLE_NAME FROM INFORMATION_SCHEMA.TABLES--

What that will do is try to UNION the id number (which is obviously an integer) with the very top, number one table name from the database. Naturally, words and numbers can’t be unioned together, so you’ll get a nice ODBC conversion error, revealing the first table name - yay!

After that, it’s a lot more complicated, since you have to use WHERE, FROM, LIKE and other clauses to get specific shit like column names, and maybe even password hashes; you also need to use special SQL functions to alter things so they’re readable. This is called “database footprinting”.

I realize this probably confused you to hell, but still, it’s the best way I can explain it.