SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a back-end database. Hacker/Cracker take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application.
FINDING VULNERABLE WEBSITE
Small List of Google Dork:
What you have to do now is just simple just copy one of above and paste in google search box. You will get the huge website list, Those are vulnerable for hacking using SQL injection.
If you want to hack a government website, or an education website or any specific country website?
It’s simple. You just have to Modify your dorks. First off, here are some common domains
.gov = Government websites
.edu = Educational websites
.org = Organizational websites
.com = Commercial websites
.info = Informative websites
.net = Networking websites
.bd = Bangladesh websites
.br = Brazil websites
.cn = China website
.in = India websites
.pk = Pakistan websites
you can find here all country websites domain http://www.checkdomain.com/list.html
Alright now you know some specific domains, lets add them to our dork. Code: “inurl:.”domain”/”dorks” ” So you would normally understand it like this: “inurl” = input URL “domain” = your desired domain ex. .gov “dorks” = your dork of your choice Now for an example, lets say you want to hack government websites Here’s how it’ll look “inurl:.gov/index.php?id=” or
Now for an example, lets say you want to hack specific country websites Here’s how it’ll look ‘inurl:.br/index.php?id=’ Once you search that up, you’ll find a lot of government websites and specific country websites on your results..