Is SQL injection a crime?

No explicit questions like "how do I hack xxx.com" please!
Post Reply
User avatar
Nerdz
The Architect
The Architect
Posts: 1127
Joined: 15 Jun 2005, 16:00
15
Location: #db_error in: select usr.location from sucko_member where usr.id=63;
Contact:

Is SQL injection a crime?

Post by Nerdz »

I did some sql injection yesterday... And I was wondering if it is illegal...I mean there is no box penetrating... and if I didn't have any personnal data...
Give a man a fish, you feed him for one day.
Learn a man to fish, you feed him for life.

User avatar
bad_brain
Site Owner
Site Owner
Posts: 11534
Joined: 06 Apr 2005, 16:00
15
Location: The zone.
Contact:

Post by bad_brain »

it is a crime, simply by the fact that you are ACTIVELY intruding the database with a sql injection. but well, as long as you don´t manipulate or destroy anything you´ll most likely not getting any problems, but you have to realize that your activity surely has been logged (by the server access logs and by an IDS, if installed), so don´t overdo it... :wink:

here´s an example from my IDS log:

Code: Select all

02/08-23:48:42.945625  [**] [1:2565:1] WEB-PHP xxxxx.php access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] {TCP} 66.249.xx.xxx:64788 -> xx.xx.xxx.xx:80
as you can see it´s really easy to identify potential malicious activity
(this one was of course just a normal access to an admin interface).

User avatar
Demian
forum buddy
forum buddy
Posts: 10
Joined: 28 Nov 2005, 17:00
15

Maybe we need a law forum

Post by Demian »

Everyone asks "is xyz a crime?". I thought this should be a technical forum. I mean, if you're unsure if something is right to do, why not do something else?

User avatar
DNR
Digital Mercenary
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
14
Location: Michigan USA
Contact:

whats illegal

Post by DNR »

this is a tech forum.
Hacking is not even clearly defined in some laws. When I wardrive and use a unsecured wifi for chat or email, technically it is a violation of the federal laws (USA) prohibiting "unauthorized access to a computer or network" (as nerdzoncrack was doing). But, you'll read news articles on people not being charged for this 'crime'. The members of this forum try to include the ethics and legal issues of hacking tactics as well.

DNR

User avatar
Nerdz
The Architect
The Architect
Posts: 1127
Joined: 15 Jun 2005, 16:00
15
Location: #db_error in: select usr.location from sucko_member where usr.id=63;
Contact:

Re: Maybe we need a law forum

Post by Nerdz »

Demian wrote:if you're unsure if something is right to do, why not do something else?
I'm not like those who when then don't understand/know something, they run away :)
Give a man a fish, you feed him for one day.
Learn a man to fish, you feed him for life.

User avatar
CommonStray
Forum Assassin
Forum Assassin
Posts: 1214
Joined: 20 Aug 2005, 16:00
15

Post by CommonStray »

like bad_brain said it is illegal but as well like DNR said some things are cloudy in legal definitions. but

it is always illegal if you dont have permission to do it, its all wether or not the administrator determines to press charges or not...destroying data for example would certainly result with you in court if your found...pulling a white hat and making it clear to the administrators that they have a vulnerability may or may not result in the same outcome.

Bozebo
forum buddy
forum buddy
Posts: 19
Joined: 15 Mar 2006, 17:00
14
Location: Scotland
Contact:

Re: Maybe we need a law forum

Post by Bozebo »

nerdzoncrack wrote:
Demian wrote:if you're unsure if something is right to do, why not do something else?
I'm not like those who when then don't understand/know something, they run away :)
*clicks back button and browse more threads*
ESCARGOT!!!!


French for snails, say that word near my cat and it goes nuts :S

User avatar
godlike
Newbie
Newbie
Posts: 4
Joined: 08 Mar 2006, 17:00
14

Post by godlike »

in my country are punishments for hackers but I never heard that someone was punished.

User avatar
Lyecdevf
cyber Idi Amin
cyber Idi Amin
Posts: 1222
Joined: 16 Mar 2006, 17:00
14
Location: In between life and death.
Contact:

Post by Lyecdevf »

It depends where you live and to who you do it. I imagain a country that does not have clearelly defined laws about this wont prosecute you.

Besides that I am sure you always use a proxy when you do stuff like that. So unless thousands of dollars are going to be missing they probablly wont go after you. Am I right!

User avatar
DNR
Digital Mercenary
Digital Mercenary
Posts: 6114
Joined: 24 Feb 2006, 17:00
14
Location: Michigan USA
Contact:

effects of bad hacking

Post by DNR »

Bad hacking is the reason the governments censor, legalize, and spy on the big network known as the internet. Bad hacking is also the reason a lot of IT jobs went overseas to the lowest bidder. It costs everyone money for new updates, security patches, downtime, 24/7 monitoring, even you and me. Bad hacking is the reason I do not tell anyone I hack, they don't know and they got this picture of a CC/ID crook.

Bad hacking is the reason I don't really share too much nfo or good progs. I stopped updating my website's text files. N00bs can come out and find a skript or exploit to fuxor a network or box, but I ain't going to sell you the bullets.

Ethics define who you are.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

User avatar
bad_brain
Site Owner
Site Owner
Posts: 11534
Joined: 06 Apr 2005, 16:00
15
Location: The zone.
Contact:

Post by bad_brain »

that´s SO true DNR....tell somebody you´re into hacking and next time the computer of this person has a malfunction of any kind you will hear this question:
"Have YOU done this?" :roll:

Post Reply