For a Friend of mine :)
SQL injection: it is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.
Q:- how can we find out if a website we are testing on, is vulnerable to SQL injection or not? Fine!! Some might be knowing, but for those who don’t know, I am going to quantify the whole process.
1. Use google dorks to find out the vulnerable sites, putting the following queries on google search engine:
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
Now you get a list displayed on the result page. Select one by one. Suppose we select the first result.Click on it.
2. Put ‘ (single quote) at the extreme end of the link displayed on the address bar and press ‘enter’.Or after The "Equal to(=)" Sign
3. Now if a page opens up saying there is an SQL Error, that means the website is 110% vulnerable to SQL Injection.
Simple :)
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
Now you get a list displayed on the result page. Select one by one. Suppose we select the first result.Click on it.
2. Put ‘ (single quote) at the extreme end of the link displayed on the address bar and press ‘enter’.Or after The "Equal to(=)" Sign
3. Now if a page opens up saying there is an SQL Error, that means the website is 110% vulnerable to SQL Injection.
Simple :)
BY MR:47{XYBER SHEIKH}
No comments:
Post a Comment