Friday 15 June 2012

What is SQL Injection? and how to find SQL vul Site and DOrks

SQL ( structure Query Language) is a technique to attack  database of the website which can contains usernames, Passwords, Credit card Info and other confidential data.It mainly occur in the web application. It occurs when there is a bug in the my SQL syntax. By this attacker enter into the database and cause damage to the site. The main reason for sql injection because the admins don't pay that much attention to the security of the site.
You can hack Site by the followings methods ( mostly used )
Manual SQL Injection
SQl Injection with tool
By pass queries of the Sql Injection. This allows attacker to get into the site with knowing the password & username
Username = admin
Password = ' or '1'='1

How to protect your site from SQL attacks
  • Scan your site with best vulnerability scanner every month or every 2 week 
  • If you find any SQL vulnerability patch it as soon as possible.
  • Always put your strong , encrypted , can't be guess by dictionary attack
  • Always enable WAF( web authentication filter) this will prevent attacker to execute malicious scripts and thus also prevent xss (cross side scripting) .
  • Always track your logins, If any attacker hacked your site you get to know that.   
How to find SQL vul Sites
Here are some dorks by which you can find the  SQL vul sites just by copy and pasting the dorks in the google and you see the many sites. By putting the " ' " ( with out quotes ) at the end of the SQL parameter you can the sites weather they are vul to SQL or not . If it is SQL vul you see the error ( MY SQL Syntax)  or if there is no error then website will open as is it after having " ' " ( wiith out quotes )at the end or you see no MY SQL Syntax error and the website is not SQL Vul.

IT LOOK 'S LIKE
Search dork on google

MY SQL  Syntax error on the site
The above site is SQL vul you can hack it by using the tool havij or by  doing it manually.

SQL Dorks
Mostly Used dorks
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
Rest dorks
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:Pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:opinions.php?id=
inurl:spr.php?id=
inurl:pages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:participant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:prod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurl:person.php?id=
inurl:productinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:profile_view.php?id=
inurl:category.php?id=
inurl:publications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:prod_info.php?id=
inurl:shop.php?do=part&id=
inurl:Productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:product.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:pop.php?id=
inurl:shopping.php?id=
inurl:productdetail.php?id=
inurl:post.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:page.php?id=
inurl:shredder-categories.php?id=

If you want to search the SQL vul site of a particular country you can search SQL vul site of a 
particular country ..
Just put the .site:countrycode
for example
i took a dork " inurl:index.php?id= " Now if you to search the SQL vul site of a particular country ( pakistan country code (.pk)
your dork is " inurl:index.php?id=site:pk "
Download more dorks
click here 
Only for education purpose... Try it at your own Risk 
 i hope this post is helpful to you..... :D Happy security... :)
Written by at
Labels:

1 comment:

  1. jhon2 June 2017 at 09:33

    i never know the use of adobe shadow until i saw this post. thank you for this! this is very helpful. IoT data services

    ReplyDelete

Subscribe to: Post Comments (Atom)