Geek Answers Handbook

How to manually perform SQL injection on my site?

I found many tools that inject passwords, bucks, and various materials into other websites.

However, I am sure that no one will work against all forms on my site.

So, I want to manually test my site for SQL injection.

What is a good way to try SQL injection on my site?

Do I need a database name, database username and password? Do I need to know the SQL port number? How do i get started?

+4
source share
6 answers

Check out this trickster to try it out manually. OWASP also covers theory . You must be familiar with it in order to use automated tools effectively.

Here is a list of tools you can use.

+3
source

An attacker does not need to know the password for the database, but you can assume that your table names and schemas can be guessed.

Just list the set of parameters that each page occupies (including those that are not referenced by any form, and those that are filled only with hidden parameters) and try to put special characters in them, such as quotation marks. If O'Reilly input on the input form throws an exception, then a good change of ' OR '' == ' will result in the whole group having more results than the programmer had planned.

+1
source

here is a good post about sql injections

http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/

0
source

There is no 100% reliable tool that will let you know if your site is vulnerable to SQL injection or not. If SQL injection did not exist, and that would not be fun :-) You can check sqlmap . And here is an article describing the different lines that you can try to enter.

0
source

You need to check the steps in which you used inline sql queries that are concatenated with user input. the user can enter the entire sql query, which will then be executed as a subquery.

Check out this link.

0
source

More articles:


All Articles