Is SQL injection a crime?
- Nerdz
- The Architect
- Posts: 1127
- Joined: 15 Jun 2005, 16:00
- 19
- Location: #db_error in: select usr.location from sucko_member where usr.id=63;
- Contact:
Is SQL injection a crime?
I did some sql injection yesterday... And I was wondering if it is illegal...I mean there is no box penetrating... and if I didn't have any personnal data...
Give a man a fish, you feed him for one day.
Learn a man to fish, you feed him for life.
Learn a man to fish, you feed him for life.
- bad_brain
- Site Owner
- Posts: 11638
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
it is a crime, simply by the fact that you are ACTIVELY intruding the database with a sql injection. but well, as long as you don´t manipulate or destroy anything you´ll most likely not getting any problems, but you have to realize that your activity surely has been logged (by the server access logs and by an IDS, if installed), so don´t overdo it...
here´s an example from my IDS log:
as you can see it´s really easy to identify potential malicious activity
(this one was of course just a normal access to an admin interface).
here´s an example from my IDS log:
Code: Select all
02/08-23:48:42.945625 [**] [1:2565:1] WEB-PHP xxxxx.php access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] {TCP} 66.249.xx.xxx:64788 -> xx.xx.xxx.xx:80
(this one was of course just a normal access to an admin interface).
Maybe we need a law forum
Everyone asks "is xyz a crime?". I thought this should be a technical forum. I mean, if you're unsure if something is right to do, why not do something else?
whats illegal
this is a tech forum.
Hacking is not even clearly defined in some laws. When I wardrive and use a unsecured wifi for chat or email, technically it is a violation of the federal laws (USA) prohibiting "unauthorized access to a computer or network" (as nerdzoncrack was doing). But, you'll read news articles on people not being charged for this 'crime'. The members of this forum try to include the ethics and legal issues of hacking tactics as well.
DNR
Hacking is not even clearly defined in some laws. When I wardrive and use a unsecured wifi for chat or email, technically it is a violation of the federal laws (USA) prohibiting "unauthorized access to a computer or network" (as nerdzoncrack was doing). But, you'll read news articles on people not being charged for this 'crime'. The members of this forum try to include the ethics and legal issues of hacking tactics as well.
DNR
- Nerdz
- The Architect
- Posts: 1127
- Joined: 15 Jun 2005, 16:00
- 19
- Location: #db_error in: select usr.location from sucko_member where usr.id=63;
- Contact:
Re: Maybe we need a law forum
I'm not like those who when then don't understand/know something, they run awayDemian wrote:if you're unsure if something is right to do, why not do something else?
Give a man a fish, you feed him for one day.
Learn a man to fish, you feed him for life.
Learn a man to fish, you feed him for life.
- CommonStray
- Forum Assassin
- Posts: 1215
- Joined: 20 Aug 2005, 16:00
- 19
like bad_brain said it is illegal but as well like DNR said some things are cloudy in legal definitions. but
it is always illegal if you dont have permission to do it, its all wether or not the administrator determines to press charges or not...destroying data for example would certainly result with you in court if your found...pulling a white hat and making it clear to the administrators that they have a vulnerability may or may not result in the same outcome.
it is always illegal if you dont have permission to do it, its all wether or not the administrator determines to press charges or not...destroying data for example would certainly result with you in court if your found...pulling a white hat and making it clear to the administrators that they have a vulnerability may or may not result in the same outcome.
Re: Maybe we need a law forum
*clicks back button and browse more threads*nerdzoncrack wrote:I'm not like those who when then don't understand/know something, they run awayDemian wrote:if you're unsure if something is right to do, why not do something else?
ESCARGOT!!!!
French for snails, say that word near my cat and it goes nuts :S
French for snails, say that word near my cat and it goes nuts :S
- Lyecdevf
- cyber Idi Amin
- Posts: 1222
- Joined: 16 Mar 2006, 17:00
- 18
- Location: In between life and death.
- Contact:
It depends where you live and to who you do it. I imagain a country that does not have clearelly defined laws about this wont prosecute you.
Besides that I am sure you always use a proxy when you do stuff like that. So unless thousands of dollars are going to be missing they probablly wont go after you. Am I right!
Besides that I am sure you always use a proxy when you do stuff like that. So unless thousands of dollars are going to be missing they probablly wont go after you. Am I right!
effects of bad hacking
Bad hacking is the reason the governments censor, legalize, and spy on the big network known as the internet. Bad hacking is also the reason a lot of IT jobs went overseas to the lowest bidder. It costs everyone money for new updates, security patches, downtime, 24/7 monitoring, even you and me. Bad hacking is the reason I do not tell anyone I hack, they don't know and they got this picture of a CC/ID crook.
Bad hacking is the reason I don't really share too much nfo or good progs. I stopped updating my website's text files. N00bs can come out and find a skript or exploit to fuxor a network or box, but I ain't going to sell you the bullets.
Ethics define who you are.
DNR
Bad hacking is the reason I don't really share too much nfo or good progs. I stopped updating my website's text files. N00bs can come out and find a skript or exploit to fuxor a network or box, but I ain't going to sell you the bullets.
Ethics define who you are.
DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.