SQL Injection Tutorial: Part 2/3 – Standard SQL Injection

[NOTE: The Information given below is for Educational Purpose only, and not for malicious purpose. If you wish to carry out any type of malicious activity using this information, you are on your own. We, at SafeNull, will not be responsible for it.]

SQL Injection Tutorial: Part 1/3 – Standard SQL Injection

Welcome to another SQL Injection tutorial. This is part two, and in this part I'll show you how to find a site that is vulnerable to SQL Injection.

First, look for a page on the site that has ".php?id=x" in its URL, for example www.realsite.com/index.php?id=x, where "x" is some random number. If you don't want to look for that on every page of a site, you can use Google dorks. If you don't know, Google dorks are search strings for advanced Google search, so for example, if you want to look for some vulnerable site, you can use them. Here is an example:

inurl: .php?id=

When you find the website you want, just put a single quote (') at the end of the URL, so for example the URL would be www.realsite.com/index.php?id=x' and if the site is vulnerable, a MySQL error will occur: "Query failed : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1". I will not go into details on how to find databases, tables and columns because it is illegal to steal that data.

So that is it for this part. In the next part we will take a look at the Blind SQL Injection attack.
