Header Banner
Null Byte Logo
Null Byte
WonderHowTo Gadget Hacks Next Reality Null Byte
wonderhowto.mark.png
Cyber Weapons Lab Forum Metasploit Basics Facebook Hacks Password Cracking Top Wi-Fi Adapters Wi-Fi Hacking Linux Basics Mr. Robot Hacks Hack Like a Pro Forensics Recon Social Engineering Networking Basics Antivirus Evasion Spy Tactics MitM Advice from a Hacker
how to

SQL Injection Finding Vulnerable Websites..

Oct 18, 2015 04:11 AM
"SQL Injection Finding Vulnerable Websites.." cover image

Welcome Back !! TheGeeks.

SQL Injection (SQLI) Part-1

I hope you all enjoyed my previous article on Email spoofing, if not you'll can go to my profile and check it.

My this article totally different from previous one. In this article i'll be teaching how to find vulnerable websites for SQL injection.

SQL injection is a code injection technique, used to attack data-driven applications. The SQL Injection attack allows external users to read details from the database, so attackers can dump whole website database and find admin username/password details.

Note: Unfortunately we CANNOT SQLi attack on all websites. The websites need a SQLi vulnerability in order to do this technique.

Website URL need a parameter like php?id=4 / php?id=any number to inject.

For example: http://www.example.com/products.php?id=5www.example.com/products.php?id=5 <= This type of website is needed in order to do this trick

To Find these type of website, Use Google Dorks- dork will advance search on google

Some Pakistan google Dorks list:

gallery.php?id= site:.pk

products.php?id= "+92"

cat.php?id= "+92"

default.php?catID="+92"

There is no limit in dork list, you can make your own google dork with keywords. Or you search on google for "New Google Dorks List" you will get many results.

Here you can find http://pastebin.com/Tdvi8vgK 7000 google dork lists

Note: These dorks will search out other countries websites Too, if you like to do this to Pakistan based websites ADD site:.pk at the end of the dork for example: about.php?cartID= site:.pk

Once you find a website, then you can check for SQLi vulnerability.

Put an ' (Apostrophe) at the end of the URL Parameter.

I found a website http://www.piil.com.pk/new.php?id=25

SQL Injection Finding Vulnerable Websites..

Let's, Check for SQLi Vulnerability, so i put an Apostrophe at the end of the URL Parameter.

http://www.piil.com.pk/new.php?id=25' (if you are using google chrome... Apostrophe will change to %27, it doesn't matter)

Now I found an error on this website!!!

SQL Injection Finding Vulnerable Websites..

"Warning: mysqlfetcharray() expects parameter 1 to be resource, boolean given in /home/piilcom/publichtml/new.php on line 111"

Sometimes, we can see different SQLi error. Sometimes we cannot see this error at all, but it you will show some changes in website.

For example

http://www.psn.com.pk/index.php?page=gallery.php&id=519

SQL Injection Finding Vulnerable Websites..

When i put an Apostrophe, The contents in that website got vanished

http://www.psn.com.pk/index.php?page=gallery.php&id=519'

Pakistan Society of Nephrology website homepage featuring medical professionals and research imagery.

thank you,

--ANAMIKA (TG)

You already know how to use your phone. With Gadget Hacks' newsletter, we'll show you how to master it. Each week, we explore features, hidden tools, and advanced settings that give you more control over iOS and Android than most users even know exists.

Sign up for Gadget Hacks Weekly and start unlocking your phone's full potential.

Related Articles

Comments

No Comments Exist

Be the first, drop a comment!