What is SQL Injections---->
"SQL Injection" is subset of the an unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it's straightforward to create some real surprises.Finding SQL Vulnerablities in website---->
Mainly you have to search this type of url in the website which are given below--->
index.php?id=
cms.php?id=
or some other links like this
To find vulnerable site you have to use dorks..
Now Search for site is vulnerable or not by simple adding ' after the site link.
Example:--- www.site.com/index.php?id=1'
Now you will be taken on a new site. If u see this error written in webpage given below than site is vulnerable or if u get on the page than site is not vulnerable.
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /web/htdocs/www.site.com/home/index.php on line 22
How to exploiting the vulnerable website--->
There are two methods of exploiting the website--->
1. Manually
2. Using software
Here i am gonna use software for exploiting website.
Steps to exploit the site------>
2. Now open the software in windows.
Now watch the tutorial video from here and perform all the steps same as in video.
0 comments:
Post a Comment
Comment for problems not for doing spam