Original Article Written by: Hayes Potter – A 13 year old web developer and programmer.
I’m really wondering when he got the time to learn all of that, and how he started … I really wish him the best of luck, and I also wish my kids can be geniuses like him!
For those of you who do not know what SQL injections are, they are ways to send information to a database. This is mostly used to manipulate databases (i.e. hacking). All SQL commands start with a single quote like this “ ‘ ”.
The typical way to send SQL commands to a database is to use login forms, like “Username: Password:”. Most sites are protected against SQL injection, but there’s only one way to find out: in the form, enter “ ‘a ” as the username and “ ‘=’ ” as the password.
After you hit enter, if the page says “Username Not Found” or “Incorrect Password” or something like that, the site is not vulnerable to SQL injection. But if the page shows a database error or page not found, that means the database is freaking out, and that means the site is vulnerable to SQL injection. If using “ ‘a ” as the username and “ ‘=’ ” as the password doesn’t already give you access to the site (as an administrator), enter “ ‘a ” as the username and “ ‘b OR ‘1=1 ” as the password. Since 1=1 is a logical truth, it lets you in =).
If you are able to gain access to a site, I would advise you to do what I do: contact the site administrator and tell them about this security flaw. If you mess up their site, it is a federal offense, which means you can get sent to federal prison for a couple or more years.
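Why the inputs above produce a database error on one login form and an ordinary "incorrect password" on another, shown as an added example that is not part of the original article. It assumes a constructed SQLite `users` table and two hypothetical login functions, one that pastes form input into the SQL text and one that passes it as bound parameters.

```python
import sqlite3

def make_db():
    # Constructed sample accounts; plaintext passwords only to keep the demo short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("o'brien", "pw")])
    return db

def login_concat(db, username, password):
    # Vulnerable pattern: form input becomes part of the SQL text, so a
    # single quote in it changes how the statement is parsed.
    sql = ("SELECT 1 FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        return "ok" if db.execute(sql).fetchone() else "rejected"
    except sqlite3.Error:
        return "db-error"   # what the article describes as the database freaking out

def login_param(db, username, password):
    # Hardened pattern: placeholders keep the input as data, never as SQL.
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    try:
        return "ok" if db.execute(sql, (username, password)).fetchone() else "rejected"
    except sqlite3.Error:
        return "db-error"

def compare(db, username, password):
    # Result of the same form submission against both implementations.
    return login_concat(db, username, password), login_param(db, username, password)

if __name__ == "__main__":
    db = make_db()
    cases = [
        ("alice", "s3cret"),      # valid login
        ("alice", "wrong"),       # ordinary bad password
        ("'a", "'='"),            # first input pair from the article
        ("'a", "'b OR '1=1"),     # second input pair from the article
        ("o'brien", "pw"),        # legitimate name containing a quote
    ]
    for user, pw in cases:
        print(repr(user), repr(pw), compare(db, user, pw))
```

The last case shows the concatenated query is also a plain correctness bug: a legitimate user whose name contains an apostrophe cannot log in until the query is parameterized.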




Hey, there. Thanks for the kind words.
Thx a lot for the nice tutorial and the psd – exactly what I was looking for!