What is SQL Injection? And how to find SQL vulnerable sites and dorks
SQL injection (SQL = Structured Query Language) is a technique to attack the database of a website, which can contain usernames, passwords, credit card info and other confidential data. It mainly occurs in web applications. It occurs when a bug lets user input break the MySQL syntax of a query.
By this the attacker enters the database and causes damage to the site.
The main reason for SQL injection is that admins don't pay that much attention to the security of the site.
You can hack a site by the following methods (mostly used):
- Manual SQL injection
- SQL injection with a tool
Bypass queries of SQL injection: these allow an attacker to get into the site without knowing the password and username.
Username = admin
Password = ' or '1'='1
How to protect your site from SQL attacks
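As an added example (this is not code from the original post): a small Python script, using the standard sqlite3 module and a constructed one-user table, that shows the bypass above succeeding against a login that concatenates the username and password into the query text, and failing against the same login written with query parameters, which is the fix for this class of bug. The table and the password value are made up for the demonstration.

```python
import sqlite3

# Constructed sample database: one user. The password is kept in plaintext only
# so the page's bypass can be shown; a real application stores a salted hash.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute(
        "INSERT INTO users VALUES ('admin', 'correct horse battery staple')"
    )
    conn.commit()
    return conn


def vulnerable_login(conn, username, password):
    # Vulnerable: user input is pasted straight into the SQL text, so a quote
    # in the password field changes the structure of the WHERE clause:
    #   ... AND password = '' or '1'='1'
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def safe_login(conn, username, password):
    # Hardened: placeholders send the values separately from the SQL text,
    # so the quote is just a character inside the compared string.
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def demo():
    # Runs both versions against the bypass from the post and a normal login.
    conn = make_db()
    bypass = "' or '1'='1"
    return {
        "vulnerable_bypass": vulnerable_login(conn, "admin", bypass),
        "safe_bypass": safe_login(conn, "admin", bypass),
        "safe_real_password": safe_login(
            conn, "admin", "correct horse battery staple"
        ),
        "safe_wrong_password": safe_login(conn, "admin", "guess"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The only difference between the two functions is whether the values travel inside the SQL string or beside it; the database driver never parses a bound parameter as SQL, which is why the quote loses its meaning in `safe_login`.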
- Scan your site with a good vulnerability scanner every month or every 2 weeks.
- If you find any SQL vulnerability, patch it as soon as possible.
- Always use a strong, encrypted password that can't be guessed by a dictionary attack.
- Always enable a WAF (web application firewall); this will prevent the attacker from executing malicious scripts and thus also prevents XSS (cross-site scripting).
- Always track your logins, so if an attacker hacks your site you get to know about it.
Here are some dorks by which you can find SQL vulnerable sites just by copying and pasting the dorks into Google, and you will see many sites. By putting a ' (without quotes) at the end of the SQL parameter you can check whether a site is vulnerable to SQL injection or not. If it is SQL vulnerable you see the error (MySQL syntax error); if there is no error, the website opens as it did before the ' was added, you see no MySQL syntax error, and the website is not SQL vulnerable.
It looks like:
[Screenshot: searching the dork on Google]
[Screenshot: MySQL syntax error on the site]
The above site is SQL vulnerable; you can hack it by using the tool Havij or by doing it manually.
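The quote-appending probe described above leaves a trace in the web server's access log, and that is the defender's side of this check. The following is an added Python example, not from the original post, with constructed log lines (the IPs, times and paths are made up): it parses combined-format lines, decodes the query parameters and flags requests carrying a single quote, marking the ones the server answered with a 5xx, which is how the syntax error shown in the post looks from the server side.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:41 +0000] "GET /index.php?id=12%27 HTTP/1.1" 500 612 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:56:02 +0000] "GET /news.php?id=7' HTTP/1.1" 200 3040 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:13:57:10 +0000] "GET /gallery.php?id=3 HTTP/1.1" 200 2200 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, request line and status code of a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return the named fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def quote_probe_params(path):
    """Names of query parameters whose decoded value contains a single quote.

    parse_qsl percent-decodes for us, so id=12%27 and id=7' both count."""
    query = urlsplit(path).query
    return [name for name, value in parse_qsl(query, keep_blank_values=True)
            if "'" in value]


def find_probes(log_text):
    """Flag requests that carry a quote in a parameter (the manual probe the
    post describes). A 5xx on such a request is the server-side view of the
    syntax error the probe is looking for, so it is marked separately."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        params = quote_probe_params(rec["path"])
        if params:
            findings.append({
                "ip": rec["ip"],
                "time": rec["time"],
                "path": rec["path"],
                "params": params,
                "status": rec["status"],
                "errored": rec["status"].startswith("5"),
            })
    return findings


def probes_per_ip(findings):
    """Count flagged requests per client, to spot one source probing many pages."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = find_probes(SAMPLE_LOG)
    for h in hits:
        flag = "ERROR" if h["errored"] else "ok"
        print(f"{h['ip']} {h['time']} {h['path']} params={h['params']} {flag}")
    print("per IP:", probes_per_ip(hits))
```

A quote in a numeric `id` parameter has no legitimate use, so this rule has a low false-positive rate on pages like the ones in the dork list; a 5xx following it is the event worth alerting on, because it means the quote reached the query.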
SQL Dorks
Mostly used dorks
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
Rest dorks
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:Pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:opinions.php?id=
inurl:spr.php?id=
inurl:pages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:participant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:prod_detail.php?id=
inurl:viewphoto.php?id=
inurl:person.php?id=
inurl:productinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:profile_view.php?id=
inurl:category.php?id=
inurl:publications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:prod_info.php?id=
inurl:shop.php?do=part&id=
inurl:Productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:product.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:pop.php?id=
inurl:shopping.php?id=
inurl:productdetail.php?id=
inurl:post.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:page.php?id=
inurl:shredder-categories.php?id=
If you want to search for SQL vulnerable sites of a particular country, just add site:countrycode to the dork.
For example, take the dork " inurl:index.php?id= ". Now, to search for SQL vulnerable sites of a particular country (Pakistan, country code .pk), your dork is " inurl:index.php?id= site:pk ".
Only for education purposes... Try it at your own risk.
I hope this post is helpful to you..... :D Happy security... :)