How to find vulnerable websites for SQL injection

In this article i'll be teaching how to find vulnerable websites for SQL injection.

What Is a SQL Injection

A SQL injection is a method to gain access and deface a website.
The SQL Injection attack allows external users to read details from the database, so attackers can dump whole website database and find admin username/password details.

Website URL need a parameter like php?id=4 / php?id=any number to inject.

For example: http://www.example.com/products.php?id=5 www.example.com/products.php?id=5 <= This type of website is needed in order to do this trick

To Find these type of website, Use Google Dorks- dork will advance search on google
Some Pakistan google Dorks list:
gallery.php?id= site:.pk
products.php?id= "+92"
cat.php?id= "+92"
default.php?catID="+92"

There is no limit in dork list, you can make your own google dork with keywords. Or you search on google for "New Google Dorks List" you will get many results.

Here you can find http://pastebin.com/Tdvi8vgK 7000 google dork lists

Once you find a website, then you can check for SQLi vulnerability.
Put an ' (Apostrophe) at the end of the URL Parameter.

I found a website http://www.fantco.com/products-category.php?cid=2

So, lets check for sqli vulnerability,

Just put Apostrophe (') at the end of tge website url parameter and see the changes.

Note : if you are using google chrome apostrophe will change to %27, it doesn't matter.

I found an error on this website👇👇

Some times we can see different error or sometimes we cannot see any error, but it will make some changes in that website, like some posts disappear, or photos etc vanish.

So, this is the easiest method to find sql vulnerability in websites. In the next post i'll show you how you can hack a website having sql vulnerability.

If you have any query in your mind,
Contact me on instagram : https://www.instagram.com/648.hrk/