SQL injection explained
Today i will explain the SQL injection. Input based attack is most effective for testing web security. And the SQL is most popular for web hacking. No wait, Let's start(Hey, i am not going to explain what is SQL injection; it is how to exploit).
Testing if the target is vulnerable :
Suppose the target site is http://www.victim.com. We can quickly gather some information by Google for finding some parameters based URL. Simply if go to google and search like :
site:www.victim.com filetype:php
(Note: I think you already gathered some information against the site . So you know what is their file extension . If you are attacking randomly then go away from here.)
Then we see many result like:
www.victim.com/index.php
www.victim.com/something.php?id=3
Read more »