Hacking Website Using SQL Injection
Database is a collection of data. In view of the site database is used to store user IDs, passwords, details of the website and much more.
List of databases are:
* DB Server,
* MySQL (open source)
* Postgre SQL (open source)
Structured query language known as SQL. To communicate with the database using a SQL query. We are consulting the database for what is known as a query language.
The definition of a complete reference:
SQL is a tool for organizing, managing and retrieving information stored on your computer
database. The name "SQL" is an acronym for Structured Query Language. For
historical reasons, SQL is usually pronounced "sequel", but the alternative pronunciation
"SQL" is also used. As the name implies, SQL is a programming language that is used to
interact with a database. In fact, SQL works with a specific type of database, called
Simple SQL queries to:
Select * from table_name
This statement is used to display the table contents, including the name of the column.
SELECT * FROM users;
INSERT INTO table_name (column_names ,...) values (the corresponding values in columns):
To insert data to the table.
insert into users (username, userid) VALUES ("Black Star", "black");
What is SQL injection?
SQL injection is the most common method of piracy and famous. Using this method an unauthorized person can access the site database. The attacker can get all the details of the database.
What can an attacker?
* The Easy sign-up
* Access to secret information
* Modify the contents of the site
* My SQL Server shuts down
Let us now delve into the actual process of SQL injection.
Follow my steps.
Step 1: Search the site vulnerable
Our best partners to SQL injection is Google. We can find vulnerable sites (hackable sites) using the Google Dork list. Dork Google search for vulnerable sites through Google search tips. There are a lot of stuff to search Google. But we will use "inurl:" command to find vulnerable sites.
inurl: index.php id =
inurl:? id = gallery.php
inurl:? id = article.php
inurl: pageid =
This is a huge list of Google Dork
How do you use?
Copy and paste the above commands one of the Google search box the engine.
For a list of sites.
We have to visit a check for the vulnerability.
Thus begins the first web site.