HellBound Hackers | Computer General | Hacking in general

Author

Quick SQL Injection Question

pawnflow
Member



Posts: 48
Location:
Joined: 11.01.17
Rank:
Hacker Level 1
Posted on 14-06-17 22:00
Recently, I was reading an article on hacking with Google. One of the examples was about searching "inurl index.php?id=" in Google to find SQL Injection vulnerabilities.

I'm confused, how is this associated with SQL injection?
Author

RE: Quick SQL Injection Question

Huitzilopochtli
Member



Posts: 1621
Location:
Joined: 19.02.13
Rank:
God
Posted on 14-06-17 23:54
It's a specific search term containing one of the most common variables where you'd find a likely SQL injection point. It'll pull up a list of sites where 1000 other people have already been before you looking for SQL holes.

Google dorks are probably the first step for a lot of people as they try to find their first vulnerabilities in a 'real' site. I suppose it's a lot like doing the challenges here and elsewhere, as it gains you valuable insight into where to look in order to find real security holes on your travels.

It's also the most likely search term to lead you to a honeypot.
Author

RE: Quick SQL Injection Question

pawnflow
Posted on 16-06-17 03:31
Does that mean that websites that use the variable "id" are more prone to SQL injection?
Author

RE: Quick SQL Injection Question

Huitzilopochtli
Posted on 16-06-17 07:23
No, it could be absolutely anything before the = sign. Google dorks just bring up a list of sites all containing the targeted search term in their URLs, then they can be quickly tested to see if they're vulnerable or not.
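
Added example, not part of the original thread: why a URL such as index.php?id= is a candidate at all, and why the name before the = sign is irrelevant. It is a Python/sqlite3 stand-in for a PHP page; the table, data and function names are constructed assumptions. The string-concatenating handler sits next to the parameterized one.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for a site's article table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)"
    )
    db.executemany(
        "INSERT INTO articles VALUES (?, ?, ?)",
        [(1, "Welcome", 1), (2, "Release notes", 1), (3, "Internal draft", 0)],
    )
    return db


def fetch_unsafe(db, params, name="id"):
    """Anti-pattern: the URL parameter's text becomes part of the SQL statement."""
    sql = "SELECT title FROM articles WHERE published = 1 AND id = " + params[name]
    return [row[0] for row in db.execute(sql)]


def fetch_safe(db, params, name="id"):
    """Hardened: reject non-integer input, then bind the value as a parameter."""
    raw = params.get(name, "")
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError(f"{name} must be a non-negative integer")
    sql = "SELECT title FROM articles WHERE published = 1 AND id = ?"
    return [row[0] for row in db.execute(sql, (int(raw),))]


if __name__ == "__main__":
    db = make_db()
    # A plain number behaves the same in both handlers.
    print(fetch_unsafe(db, {"id": "2"}), fetch_safe(db, {"id": "2"}))
    # Constructed input "2 - 1": the unsafe handler lets the database
    # evaluate it as SQL and returns article 1, proving that visitor
    # text reached the SQL parser. The parameter name makes no difference.
    print(fetch_unsafe(db, {"id": "2 - 1"}))
    print(fetch_unsafe(db, {"article": "2 - 1"}, name="article"))
    # The hardened handler refuses the same input before any query runs.
    try:
        fetch_safe(db, {"id": "2 - 1"})
    except ValueError as exc:
        print("rejected:", exc)
```
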
Author

RE: Quick SQL Injection Question

pawnflow
Posted on 16-06-17 22:16
Got it, thanks.
Author

RE: Quick SQL Injection Question

soldi3r
Member



Posts: 15
Location:
Joined: 29.09.17
Rank:
Wiseman
Posted on 16-10-17 17:25
pawnflow wrote:
Recently, I was reading an article on hacking with Google. One of the examples was about searching "inurl index.php?id=" in Google to find SQL Injection vulnerabilities.

I'm confused, how is this associated with SQL injection?


Well, this isn't associated with SQL injection, but it helps to find the SQL-vulnerable websites that you can use for SQL injection. If you don't want to use that, you can manually check a website for vulnerability.


http://www.breachthesecurity.com