This post is by a banned member (Speci) - Unhide
27 September, 2020 - 01:30 PM
If they have a form on the website and it's not protected against SQL injection you can easily get access to their database. Even without a form some websites use GET requests so the URL will be like this: https://website.com/r?=something
This post is by a banned member (Fez) - Unhide
OP 27 September, 2020 - 01:35 PM
(27 September, 2020 - 01:30 PM)PinkPanther Wrote: Show More Thank you for that but if the website still doesn't have this what's the next step?
This post is by a banned member (Speci) - Unhide
27 September, 2020 - 01:49 PM
(27 September, 2020 - 01:35 PM)crisps Wrote: Show More Well if the website doesn't even use SQL how do you expect to do a SQL attack on that website?
This post is by a banned member (EXERCISE12) - Unhide
29 September, 2020 - 10:03 AM
Im not a great expert but, in my opinion, if you want to find a vulnerability in a website you can try to follow along OWASP Web Security Testing Guide and test different kind of attacks. you cant expect to hack every website with only sql injection. A good starting point could be to find the components of the site with tools like wappalyzer and then search if some component has known vulnerabilities.
|
![[Image: SjIaf.gif]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fs13.gifyu.com%2Fimages%2FSjIaf.gif)
| Create an account or sign in to comment | ||
| You need to be a member in order to leave a comment | ||
|
Create an account
Sign up for a new account in our community. It's easy!
|
or |
Sign in
Already have an account? Sign in here.
|
Users browsing this thread: 2 Guest(s)