SQL injection explained

Today I will explain SQL injection. Input-based attacks are the most effective for testing web security, and SQL injection is the most popular in web hacking. No waiting, let's start. (Hey, I am not going to explain what SQL injection is; this is about how to exploit it.)



Testing if the target is vulnerable:

Suppose the target site is http://www.victim.com. We can quickly gather some information with Google by searching for parameter-based URLs. Simply go to Google and search for:

site:www.victim.com filetype:php

(Note: I think you have already gathered some information about the site, so you know what file extension it uses. If you are attacking randomly, then go away from here.)

Then we see many results like:
www.victim.com/index.php
www.victim.com/something.php?id=3
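
A site owner can build the same list from their own side. The sketch below is an added example, not part of the original post: it reads web server access log lines and lists every .php script that receives query parameters, so each one can be checked for parameterized queries. The log lines are constructed samples and the function name `inventory_parameters` is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Common Log Format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.5 - - [10/Jan/2024:10:00:02 +0000] "GET /something.php?id=3 HTTP/1.1" 200 2048
198.51.100.7 - - [10/Jan/2024:10:00:09 +0000] "GET /something.php?id=17&lang=en HTTP/1.1" 200 2101
198.51.100.7 - - [10/Jan/2024:10:00:12 +0000] "GET /static/site.css?v=2 HTTP/1.1" 200 900
198.51.100.7 - - [10/Jan/2024:10:00:15 +0000] "POST /login.php HTTP/1.1" 302 0
malformed line without a request
"""

# Request line inside the quoted field: METHOD TARGET HTTP/x.y
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def inventory_parameters(log_text, extension=".php"):
    """Map each script path to the query parameter names seen for it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue  # skip lines that carry no parsable request
        parts = urlsplit(match.group("target"))
        if not parts.path.lower().endswith(extension):
            continue  # static files and other handlers are out of scope
        for name, _value in parse_qsl(parts.query, keep_blank_values=True):
            seen[parts.path].add(name)
    return {path: sorted(names) for path, names in seen.items()}


if __name__ == "__main__":
    for path, names in sorted(inventory_parameters(SAMPLE_LOG).items()):
        print(f"{path}: review query handling for {', '.join(names)}")
```

Scripts that only take POST bodies, such as the constructed /login.php line, do not appear in this output and need a separate review.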

