A method of finding websites vulnerable to SQL injection is using what we call "dorks"
Dorks : They are like search
criteria in which a search engine returns results related to your dork.
The process can be a little time consuming, but the outcome will be
worth it after learning on how to use dorks.
Basic Formula of dork,"inurl:."domain"/"dorks" "
So you would normally understand it like this:
"inurl" = input URL
"domain" = your desired domain ex. .gov
"dorks" = your dork of your choice
Do you really think inurl: is the only google dork that you can use? Wrong there are many you can use!
You can use following words instead of inurl :
intitle:
inurl:
intext:
define:
site:
phonebook:
maps:
book:
froogle:
info:
movie:
weather:
related:
link:
All these also help yo find other things then vulnerables.
Anyway now I am going to explain you how to use some for finding vulnerability in websites.
1: intitle:
You can use the intitle to find anything in the title of the website. Which also could be usefull to find downloads or anything else.
intitle:rte/file_uploud
This is an example to find rte vulnerables.
2: inurl:
The inurl basicly looks for anything after the : in the site urls.
inurl:index.php?id=
3: intext:
you can find literally everything using intext, you could even use the inurl dorks whit this.
intext:"powered by mybb"
Using it we could find certain messages in a site. Above message looks
for all mybb forums. Which means if I ever find a vulnerability in mybb
forum and know how to locate it! then I can find out every mybb forum
vulnerability using this dork.
4: define:
Google will define this massage and will look for what had this error for example,
define:"sql syntax error"
5: site:
Obvious, when we will use it, google will looks for a site .
site:cocacola
Google will look for any site related with cocacola.
6: phonebook:
It will look for the phone number related to it given name.
phonebook:wildhacker
7: maps:
Google will look on google maps for your search.
8: book:
Google has an online library store. If you want to find interesting books use this dork.
book:java language
This will look for any book gogole hase indexed whith java language in it.
9: froogle:
Used for froogle search instead of google.
10: info:
google looks for anything you inputted but only information about string which you have puted next to info: .
info:firefox
Above dork will show you alot off things about firefox like what is firefox etc.
11: movie:
You can find information about movies on google using this dork.
movie:watch hackers2 online
12: weather:
You can find information about weather on google using this dork.
weather: 21/12/2011 london
13: related:
This will look for anything related to what you have entered next to related: .
related:egg
Google responds whith sites about chickons laying eggs.
14: link:
This one will works better instead of only looking in search url, it will also look in the site for urls that possibly are vulnerable.
link:index.php?id=
This is verry usefull I would say even more then inurl.
Vulnerability Approach :
Once you search website using above dorks, now its time to check whether
the website is vulnerable to SQL injection or not, we simply put in a
quote " ' " at the end of the url address.
So our site will look like this,
http://www.site.com/index.php?id=123'
If the site is vulnerable, you will see the following error or something similar somewhere on the page.
" Error executing query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\\\' ORDER BY date_added DESC' at line 1 "
If you get this, the site should be vulnerable. So far so good!
Now you can use either Havij SQL Injection Software to hack website or Manual website hacking technique.