Google Dorking is very powerful now to find directly SQLi vulnerable websites Very easily.

Hello Hackers I am Mr Abdullah Penetration Tester and Ethical Hacker.

Today I am writing about Google Hacking (Google Dorking) if you haven't read my previous Articles then go and Check ๐Ÿ‘‡๐Ÿ‘‡

How i Hacked My First Target using GooGle Dorking

How i Hacked My First Target using GooGle Dorking Hello! Fellow Hackers I am Mr. Abdullah a part time Bug Bounty Hunter and the founder of BitCops Hacking community where you can ask me your ...

osintteam.blog

and the following one๐Ÿ‘‡๐Ÿ‘‡

Automate your Google Dorking to Find Bugs

ุจูุณู’ู…ู ูฑู„ู„ูŽู‘ูฐู‡ู ูฑู„ุฑูŽู‘ุญู’ู…ูŽูฐู†ู ูฑู„ุฑูŽู‘ุญููŠู…ู

medium.com

after reading above articles now come on the main topic.

before i give you exact Google Dorks I want to explain you what is SQL and what is SQLi?

what is SQL?

SQL (Structured Query Language) is a programming language designed to manage and manipulate data in relational databases. It's like a powerful filing system for your data, allowing you to:

  • Create databases and tables
  • Read data from databases
  • Update existing data
  • Delete data

SQL uses commands like SELECT, INSERT, UPDATE, and DELETE to interact with databases. It's widely used for managing and analyzing large datasets, and is a fundamental skill for many careers, including data analysis, web development, and cybersecurity ๐Ÿ˜Š.

What is SQL injectionย ?

SQL injection (SQLi) is a web security vulnerability where an attacker injects malicious SQL code into a website's database to access, modify, or extract sensitive data. ๐Ÿ˜Ÿ

Here's how it works:

1. Vulnerable input: A website takes user input (e.g., username, password) without proper validation. 2. Malicious input: An attacker injects SQL code as input (e.g., admin' OR 1=1 --). 3. Database execution: The database executes the malicious SQL code, potentially revealing sensitive data or granting unauthorized access.

Types of SQL injection:

  1. Classic SQLi: Injecting SQL code into user input fields.
  2. Blind SQLi: Injecting SQL code, but the database doesn't display error messages.
  3. Time-based SQLi: Injecting SQL code that delays database responses.

Now you know about SQL and SQL injection let's learn about Google Dorks to find directly SQLi vulnerable websites.

you know Google Dorking is all about filtering data from Google like when we want to find data from a specific (.com .us .in โ€ฆetc) domain then we use site: dork and intext: dork for finding specific text on the website page and we will minus websites using -site: dork.

here is the exact dork to find SQLI vulnerable website:

site:*.com inurl:php?id= (intext:"You have an error in your SQL syntax" | intext:"mysql_fetch" | intext:"Warning: mysql") -site:bugs.mysql.com -site:bug.php -site:bugs -site:sphinxsearch.com -site:webassist.com -site:ghithu.com -site:stackoverflow.com -site:routicket.com -site:mydbr.com -site:mysqlforum.com -site:forums.mysql.com -site:forum.opencart.com -site:quora.com -forum -community

Note:use this dork only on google chrome and you can minus more website that's are related to teaching php and mysql.

and if you need more dorks to find sql, xss, html,โ€ฆ.etc vulnerable websites then follow me on x @MrUnKnwn and msg me dork i will send it to you and also follow me to receive my upcoming articles.