SQL Injection





Before moving to SQL injection you should be able to know what is a Database?





A Database is a collection of data. It consists of tables with rows and columns having some data.





Databases are generally used in websites to store the usernames, passwords and their details etc.





SQL





SQL is known as Structured Query Language. SQL is the language used to communicate with the database. SQL queries are written in order to store or retrieve the data from the websites.





Simple SQL Query





select * from users;





Here, select is a command used to retrieve the data from the database. * says to get all the information from the table. And finally users is the name of the table in the database.



Create table users;



Here, create is the command used to create the table. Table says that the command is being used to create a table. And users is the name of the table.





What is SQL Injection?





SQL Injection is the common and more effective way for people to steal the data in the database. By using this method the attacker can gain access as an admin to the website and can manipulate the database.





What can attacker do





*Bypass logins

*Access the database

*Manipulate users list

*Can manipulate the entire server





Now by knowing all this let's see how SQL injection is done





Step 1:Find the vulnerable websites





There are almost 1 billion websites in the world and many of them are vulnerable for sql injection.





You can find the sql vulnerable websites by using the following google dorks





inurl:/login.php

inurl:/admin.php

inurl:/admin

inurl:/login.html



