Friday, 1 February 2013

How to find out if a website is vulnerable to SQL Injection?

As discussed earlier, SQL injection is a code injection technique that exploits a security vulnerability in the database layer of an application. There we covered login screen bypassing, which may have been useful to the so-called script kiddies, who approach hacking only through scripts and code available on the web, without any real interest in the field. Anyway, now you know who exactly the script kiddies are.
We learnt the basics of SQL injection, but how can you find out whether a website you are testing is vulnerable to it or not? Some of you may already know, but for those who don't, here is the whole process step by step.
1. Use Google dorks to find vulnerable sites by entering the following queries into the Google search engine:
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
Now you get a list of results. Go through them one by one; suppose we select the first result and click on it.
2. Put a ' (single quote) at the very end of the URL shown in the address bar, or right after the equals sign (=), and press Enter.
3. If the page that comes back shows an SQL error, that means the website is 110% vulnerable to SQL injection.
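As an added example (not from the original post), here are the two query patterns behind step 3, in Python against an in-memory SQLite table named article (constructed here, standing in for the article.php?ID= page). The string-concatenated query fails with a database error as soon as the parameter carries a stray single quote, while the parameterized query simply returns no row. A site that echoes that raw error to the visitor is the signal the post describes; the parameterized form is the fix.

```python
import sqlite3

def make_db():
    """Constructed sample database with a small 'article' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE article (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO article VALUES (?, ?)",
                     [(1, "first"), (2, "second")])
    return conn

def lookup_concat(conn, param):
    """Vulnerable pattern: the ID parameter is pasted into the SQL text.

    A single quote in 'param' ends the string literal early, so the
    database sees broken SQL and raises the error the post tells you
    to look for in the page.
    """
    sql = "SELECT title FROM article WHERE id = '" + param + "'"
    try:
        row = conn.execute(sql).fetchone()
        return ("ok", row[0] if row else None)
    except sqlite3.Error as exc:
        # Echoing str(exc) into the HTML is what makes the site look
        # 'vulnerable' in step 3; a hardened site logs it and shows a
        # generic page instead.
        return ("error", str(exc))

def lookup_param(conn, param):
    """Hardened pattern: the value is bound separately from the SQL text.

    The quote is just data here, so the query stays well-formed and
    simply matches no row.
    """
    sql = "SELECT title FROM article WHERE id = ?"
    row = conn.execute(sql, (param,)).fetchone()
    return ("ok", row[0] if row else None)

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1'"):
        print(repr(value), "concat ->", lookup_concat(db, value))
        print(repr(value), "param  ->", lookup_param(db, value))
```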

