Monday, 12 August 2013

Finding SQL Vulnerable Sites Easily


   Hello friends ,
                    Today am gonna help you to find SQL Vulnerable in Websites , so let me tell you what is SQL injection first.


SQL injectionSQL Injection is a technique in which hacker insert SQL codes into web Forum to get Sensitive Information like (User Name , Passwords) to access the site and Deface it. The traditional SQL injection method is quite difficult, but now a days there are many tools available online through which any script kiddie can use SQL Injection to deface a webite, because of these tools websites have became more vulnerable to these types of attacks.

I - Intro :

What you need to know is that 95% of the websites are vulnerable. That's why you need to improve your searching methods, to get better that the rest of the hackers. A scanner may help you, but it will never remplace your brain and often, you're much better than it to find vulnerabilities fast and easy.. We're gonna now speak about useful things to

A - The common google dorks

Search on the sub-domains : site:1.com
Search ONLY on the principal domain : site:www.1.com
Search in the URL : inurl: / allinurl:
Search for a specific file extension : filetype:
Search in the text : intext: / allintext:
Search in the title : intitle:
Search for a domain extension : site:* (fr/gov/mil/edu/org/..)

B - Web file extensions

Common web files extensions where fails are localized : PHP ; CFM ; HTM/HTML ; ASP ; ASPX .

All the other webfiles extensions where a fail may comes up (if you are lucky) : ASMX ; SWF ; DO ; PDF ; SEAM...

Note : Sometimes, you will have an URL like this : http://website.gov/?id=1
It may be vulnerable too but that's extremly rare.

C - Variables

Variables are necessary for SQL injections. Common ones are : id= ; pid= ; file= ; lang= ; pageid= ; path= ; rub= ; option= ; task=

D - What Search engine/Broswer should i use ?

Google, of course. Also, you must know that firefox is, for me, the more convenient to search SQL fails : fast and effective.

II - Become a pro :

First, it might sound stupid but you need to write very fastly. The hacker who don't will spent many time and then, abandons. In fact, a good thing to do is to open something like 5 tabs and use all what
you know about dorks and file extensions. I suggest you, when you are looking for SQL vulns, to search ONLY on ONE website : when you have a fail, that's good, but if you have a fail on your selected
website, that's better.
Here's is an example ;

Tab 1 - site:1.com inurl:cfm?id=
Tab 2 - site:www.1.com inurl:cfm?
Tab 3 - site:1.com inurl:php? inurl:id
Tab 4 - site:www.1.com inurl:asp
Tab 5 - site:1.com inrul:aspx?id

Note : instead of site:1.com , you can do site:*.1.com
Note 2 : You can do this with only 1 tab too, but you need to be really fast - e.g. If you don't have any results, go back immedialty to the previous page and change the dorks.

90% of the time while using this method, i find an SQL vulnerability on the website of my choice in few minutes.

III - A smart trick to use :

When you don't know which type of web file the vuln will infect, you can search by using only the variable.
Example :

inurl:id=1
inurl:lang=1

If you're good, you will get loads of good results with this dork.

IV - A special one

Okay, first it's not a common method, it don't works many times ; Sometimes, try to create a variable.
Example : http://site.gov/staff/graph.php
What yo do : http://site.gov/staff/graph.php?id=1

Why does it may work ? Because ID is a really used variable. So, when you have created it, you can try to inject.

    In my next post i will show you how to use Havij to hack a website so stay tuned .. :)


0 comments:

Post a Comment

 

Subscribe to our Newsletter

Contact our Support

Email : ajai199@gmail.com