Is SQL injection a crime?

[Nerdz]

I did some sql injection yesterday... And I was wondering if it is illegal...I mean there is no box penetrating... and if I didn't have any personnal data...

[bad_brain]

it is a crime, simply by the fact that you are ACTIVELY intruding the database with a sql injection. but well, as long as you don´t manipulate or destroy anything you´ll most likely not getting any problems, but you have to realize that your activity surely has been logged (by the server access logs and by an IDS, if installed), so don´t overdo it...

here´s an example from my IDS log:

Code: Select all

02/08-23:48:42.945625  [**] [1:2565:1] WEB-PHP xxxxx.php access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] {TCP} 66.249.xx.xxx:64788 -> xx.xx.xxx.xx:80

as you can see it´s really easy to identify potential malicious activity
(this one was of course just a normal access to an admin interface).

[Demian]

Everyone asks "is xyz a crime?". I thought this should be a technical forum. I mean, if you're unsure if something is right to do, why not do something else?

[DNR]

this is a tech forum.
Hacking is not even clearly defined in some laws. When I wardrive and use a unsecured wifi for chat or email, technically it is a violation of the federal laws (USA) prohibiting "unauthorized access to a computer or network" (as nerdzoncrack was doing). But, you'll read news articles on people not being charged for this 'crime'. The members of this forum try to include the ethics and legal issues of hacking tactics as well.

DNR

[Nerdz]

if you're unsure if something is right to do, why not do something else?

I'm not like those who when then don't understand/know something, they run away

[CommonStray]

like bad_brain said it is illegal but as well like DNR said some things are cloudy in legal definitions. but

it is always illegal if you dont have permission to do it, its all wether or not the administrator determines to press charges or not...destroying data for example would certainly result with you in court if your found...pulling a white hat and making it clear to the administrators that they have a vulnerability may or may not result in the same outcome.

[Bozebo]

if you're unsure if something is right to do, why not do something else?

I'm not like those who when then don't understand/know something, they run away

*clicks back button and browse more threads*

[godlike]

in my country are punishments for hackers but I never heard that someone was punished.

[Lyecdevf]

It depends where you live and to who you do it. I imagain a country that does not have clearelly defined laws about this wont prosecute you.

Besides that I am sure you always use a proxy when you do stuff like that. So unless thousands of dollars are going to be missing they probablly wont go after you. Am I right!

[DNR]

Bad hacking is the reason the governments censor, legalize, and spy on the big network known as the internet. Bad hacking is also the reason a lot of IT jobs went overseas to the lowest bidder. It costs everyone money for new updates, security patches, downtime, 24/7 monitoring, even you and me. Bad hacking is the reason I do not tell anyone I hack, they don't know and they got this picture of a CC/ID crook.

Bad hacking is the reason I don't really share too much nfo or good progs. I stopped updating my website's text files. N00bs can come out and find a skript or exploit to fuxor a network or box, but I ain't going to sell you the bullets.

Ethics define who you are.

DNR

[bad_brain]

that´s SO true DNR....tell somebody you´re into hacking and next time the computer of this person has a malfunction of any kind you will hear this question:
"Have YOU done this?"