What is SQL Injection and How it is

Karan Singh Rajawat Monday, May 16, 2011


How to check that your website is vulnerable?
After reading the basics above, you should have the concept of SQL injection. Many tools are also available to scan your website or server for such database errors. Note: when an error occurs, it means that the website is vulnerable.


First Method:

Here is an online scanner:

http://webhosting.blackoutaio.com/~sqli/
For example, if you want to scan www.website-wamiq.com, put this in the scanner bar:
inurl:php?=id+site:website-wamiq.com 
If you get:

http://www.website-wamiq.com/product.php?id='3 <== Success

Then it means that the website is vulnerable and can be exploited easily by getting the number of columns.
(Note: catid, data and num are also used in addition to id. Simply replace id with your desired value in the scanner dork.)




Second Method:

Here is an automated scanner for newbies: just click scan and take a rest.
Go to this link to get detailed information on how to find an SQL vulnerability in a website.
To get the Acunetix vulnerability scanner trial version, go here.