Saturday 15 August 2015

SQL Injection - Vulnerability Test

So now you know what SQL injection is and how to find a vulnerable website using Google Dorks. Now we can finally get into action. :D

Vulnerability Test

To find out if a website is vulnerable to SQLi, simply add a ' at the end of the URL.

So for me it would be:

www.examplewebsite.com/index.php?id=1'

Now press Enter. If you get an error that says something like "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right (etc)..." or something similar, that error is good: it means that the site is vulnerable and hackable, so you can simply continue with SQL injection. If you get no error, the site is not vulnerable. (Then you have to use XPath injection, which we will learn in further lessons.)
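Why the single quote produces that syntax error, and what the fixed code looks like, shown as an added example that is not part of the original post. It uses Python's built-in sqlite3 as a stand-in for the PHP/MySQL site; the table, the data and all function names are made up for the illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data standing in for the site's database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    conn.execute("INSERT INTO pages VALUES (1, 'Home')")
    return conn


def lookup_concat(conn, id_param):
    # Vulnerable pattern: the raw id parameter becomes part of the SQL text,
    # so a stray quote changes how the statement is parsed.
    sql = "SELECT title FROM pages WHERE id = " + id_param
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_bound(conn, id_param):
    # Hardened pattern: the parameter is bound as data and never parsed as SQL.
    sql = "SELECT title FROM pages WHERE id = ?"
    row = conn.execute(sql, (id_param,)).fetchone()
    return row[0] if row else None


def quote_probe(lookup):
    # Feeds a handler the test value from the post (id=1') and reports
    # whether the database raised an error or treated it as plain data.
    conn = make_db()
    try:
        return ("no error", lookup(conn, "1'"))
    except sqlite3.Error as exc:
        return ("sql error", type(exc).__name__)
    finally:
        conn.close()


if __name__ == "__main__":
    print("concatenated query:", quote_probe(lookup_concat))
    print("bound parameter:   ", quote_probe(lookup_bound))
```

A check like `quote_probe` can live in a project's own test suite, so that a query handler which starts concatenating request input again fails the build.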
