What is SQL Injection? And How to Find SQL-Vulnerable Sites and Dorks

SQL (Structured Query Language) injection is a technique for attacking the database of a website, which can contain usernames, passwords, credit card information and other confidential data. It mainly occurs in web applications. It occurs when a bug lets user input break the MySQL query syntax. Through it an attacker gets into the database and can cause damage to the site. The main reason for SQL injection is that admins don't pay enough attention to the security of the site.
A site can be hacked by the following methods (the most commonly used):
  • Manual SQL injection
  • SQL injection with a tool
  • Bypass queries. These allow an attacker to get into the site without knowing the username and password, for example:
Username = admin
Password = ' or '1'='1

How to protect your site from SQL attacks
  • Scan your site with a good vulnerability scanner every month or every 2 weeks.
  • If you find any SQL vulnerability, patch it as soon as possible.
  • Always use a strong password that is stored encrypted and can't be guessed by a dictionary attack.
  • Always enable a WAF (web application firewall); this prevents attackers from executing malicious scripts and thus also helps prevent XSS (cross-site scripting).
  • Always track your logins, so that if an attacker hacks your site you get to know about it.
How to find SQL-vulnerable sites
Here are some dorks for finding SQL-vulnerable sites: copy and paste a dork into Google and you will see many sites. By putting a ' (without quotes) at the end of the SQL parameter you can check whether a site is vulnerable to SQL injection or not. If it is vulnerable, you see a MySQL syntax error. If there is no MySQL syntax error and the website opens as it did before the ' was added, the website is not SQL-vulnerable.
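
From the defender's side, the single-quote check described above is visible in the web server's access log. The following added example (not part of the original post) scans log lines for a query parameter whose value ends in a quote or contains the `' or '1'='1` pattern; the log lines, the combined-log layout and the function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Apr/2012:10:01:02 +0000] "GET /index.php?id=5 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [21/Apr/2012:10:01:09 +0000] "GET /index.php?id=5%27 HTTP/1.1" 500 312',
    '198.51.100.4 - - [21/Apr/2012:10:02:30 +0000] "GET /search.php?q=o%27brien HTTP/1.1" 200 2048',
    '198.51.100.9 - - [21/Apr/2012:10:03:11 +0000] "GET /login.php?user=admin'
    '&pass=%27%20or%20%271%27%3D%271 HTTP/1.1" 200 950',
]

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')
# Quote, then "or", then the same token on both sides of "=".
TAUTOLOGY_RE = re.compile(r"'\s*or\s*'?(\w+)'?\s*=\s*'?\1", re.IGNORECASE)

def suspicious_requests(lines):
    """Return (client_ip, parameter, reason, http_status) for each hit."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the expected layout
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        # parse_qsl percent-decodes, so %27 is seen as a quote.
        for name, value in parse_qsl(urlsplit(target).query,
                                     keep_blank_values=True):
            if TAUTOLOGY_RE.search(value):
                reason = "tautology"
            elif value.endswith(("'", '"')):
                reason = "trailing-quote"
            else:
                continue  # e.g. o'brien: a quote inside a value is normal
            findings.append((ip, name, reason, status))
    return findings

if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

A trailing-quote hit answered with a 5xx status is the case to look at first, because it suggests the application passed the quote through to the database and returned an error.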

It looks like this:
[Screenshot: searching a dork on Google]

[Screenshot: MySQL syntax error on the site]
The site above is SQL-vulnerable; it can be hacked using the tool Havij or manually.

SQL Dorks
Most-used dorks
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=

If you want to search for SQL-vulnerable sites of a particular country, just add site:countrycode to the dork.
For example, I took the dork " inurl:index.php?id= ". Now, if you want to search for SQL-vulnerable sites of a particular country (Pakistan, country code .pk),
your dork is " inurl:index.php?id=site:pk "
Only for educational purposes... Try it at your own risk.
I hope this post is helpful to you..... :D Happy security... :)

Author: SurajNath ~ A blog that provides various kinds of information

This article, What is SQL Injection? and how to find SQL vul Site and DOrks, was published by SurajNath on Saturday 21 April 2012. Hopefully this article is useful. Thank you for your visit; please leave a comment. There are already 14 comments on the post What is SQL Injection? and how to find SQL vul Site and DOrks.
 

14 comments:

  1. I think you might enjoy it.I understand that each of these topics might be better suited to a message board post, but I thought they might each be relevant to the post and comments.Thank You.

  2. Hahahahah, pk, wow .... you bastards, now watch what we do to Indian sites... see u
