Hacking Website Using SQL Injection

24/06/2011 09:36

A database is a collection of data. On a website, the database is used to store user IDs, passwords, details of the website and much more.
Some database systems are:

* DB Server
* MySQL (open source)
* MS-Access
* Oracle
* PostgreSQL (open source)
* SQLite

Structured Query Language is known as SQL. We communicate with the database using SQL queries. Because we are querying the database, it is known as a query language.

The definition from the Complete Reference:

SQL is a tool for organizing, managing and retrieving information stored on your computer database. The name "SQL" is an acronym for Structured Query Language. For historical reasons, SQL is usually pronounced "sequel", but the alternative pronunciation "SQL" is also used. As the name implies, SQL is a programming language that is used to interact with a database. In fact, SQL works with a specific type of database, called a relational database.

Simple SQL queries:

SELECT * FROM table_name;

This statement is used to display the table contents, including the column names.

For example:

SELECT * FROM users;

INSERT INTO table_name (column_names, ...) VALUES (corresponding values for the columns);

This statement inserts data into the table.

For example:

INSERT INTO users (username, userid) VALUES ('Black Star', 'black');

What is SQL injection?

SQL injection is the most common and best-known hacking method. Using this method, an unauthorized person can access the site's database. The attacker can get all the details in the database.

What can an attacker do?

* Easy sign-up
* Access secret information
* Modify the contents of the site
* Shut down the MySQL server
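
Why an attacker gets this access, as an added example that is not code from the original article: a query built by string concatenation lets input rewrite the statement, while a bound parameter keeps the input as data. It uses Python's sqlite3 module with the users table from the INSERT example above; the second row, the function names and the sample input are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with the users table from the INSERT example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, userid TEXT)")
    conn.executemany(
        "INSERT INTO users (username, userid) VALUES (?, ?)",
        [("Black Star", "black"), ("Admin User", "admin")],  # second row is constructed
    )
    return conn


def find_user_unsafe(conn, userid):
    # Vulnerable: the input is pasted into the SQL text, so a quote character
    # in it ends the string literal and the rest is parsed as SQL.
    query = "SELECT username FROM users WHERE userid = '" + userid + "'"
    return [row[0] for row in conn.execute(query)]


def find_user_safe(conn, userid):
    # Hardened: the ? placeholder sends the input as a bound value, so the
    # structure of the statement is fixed before the value is looked at.
    query = "SELECT username FROM users WHERE userid = ?"
    return [row[0] for row in conn.execute(query, (userid,))]


# Constructed input: closes the literal and appends a condition that is always true.
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print(find_user_unsafe(conn, "black"))   # normal lookup
    print(find_user_safe(conn, "black"))     # same result as the unsafe version
    print(find_user_unsafe(conn, CRAFTED))   # every row comes back
    print(find_user_safe(conn, CRAFTED))     # no user has that id
```

The fix is in how the value reaches the database, not in filtering quote characters: with the placeholder, the same input simply matches no row.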

Let us now delve into the actual process of SQL injection.

Follow my steps.

Step 1: Find a vulnerable site

Our best partner for SQL injection is Google. We can find vulnerable sites (hackable sites) using a Google dork list. Google dorking means searching for vulnerable sites using Google search tricks. There are a lot of search tricks in Google, but we will use the "inurl:" command to find vulnerable sites.

Some examples:

inurl: index.php id =

inurl:? id = gallery.php

inurl:? id = article.php

inurl: pageid =


How do you use them?

Copy one of the above commands and paste it into the Google search box.

Press Enter.

You will get a list of sites.

We have to visit them and check for the vulnerability.

So, start with the first website.