


When testing a website for SQL Injection vulnerabilities, you need to find a page that looks like this:

Basically the site needs to have an = then a number or a string, but most commonly a number.

Once you have found a page like this, we test for vulnerability by simply entering a ' after the number in the URL. If the database is vulnerable, the page will spit out a MySQL error such as:

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/wwwprof/public_html/readnews.php on line 29

If the page loads as normal then the database is not vulnerable, and the website is not vulnerable to SQL Injection.

Now we need to find the number of union columns in the database. We do this by entering "order by 1--", "order by 2--" and so on until we receive a page error.
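
Both probes described on this page (a ' appended to a numeric parameter, and the "order by 1--", "order by 2--" sequence) leave a recognisable trail in web-server access logs. The Python sketch below is an added example for spotting that trail, not code from the original page; the log format, the sample lines and all function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (client IP, request, status); not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 "GET /readnews.php?id=12 HTTP/1.1" 200',
    '203.0.113.7 "GET /readnews.php?id=12%27 HTTP/1.1" 200',
    '203.0.113.7 "GET /readnews.php?id=12+order+by+1-- HTTP/1.1" 200',
    '203.0.113.7 "GET /readnews.php?id=12+order+by+2-- HTTP/1.1" 200',
    '203.0.113.7 "GET /readnews.php?id=12%20ORDER%20BY%203-- HTTP/1.1" 200',
    '198.51.100.4 "GET /search.php?q=o%27brien HTTP/1.1" 200',
]

LINE_RE = re.compile(r'^(\S+) "(?:GET|POST) (\S+) HTTP/[\d.]+" \d{3}$')
QUOTE_AFTER_NUMBER = re.compile(r"^\d+\s*'")  # e.g. id=12'
ORDER_BY_PROBE = re.compile(r"\border\s+by\s+(\d+)\s*--", re.I)

def classify(value):
    """Return (kind, detail) for a URL-decoded parameter value, or None."""
    m = ORDER_BY_PROBE.search(value)
    if m:
        return ("order_by_probe", int(m.group(1)))
    if QUOTE_AFTER_NUMBER.match(value):
        return ("quote_probe", None)
    return None

def scan(lines):
    """Map client IP -> list of (path, param, kind, detail) findings."""
    findings = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        url = urlsplit(target)
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            hit = classify(value)
            if hit:
                findings[ip].append((url.path, name, *hit))
    return dict(findings)

def column_enumeration(findings, min_steps=2):
    """IPs whose ORDER BY indexes strictly increase, i.e. column counting."""
    out = []
    for ip, hits in findings.items():
        idx = [h[3] for h in hits if h[2] == "order_by_probe"]
        if len(idx) >= min_steps and idx == sorted(set(idx)):
            out.append(ip)
    return out
```

A free-text value such as o'brien is not flagged, because the quote rule only fires when the value starts with digits, which is the numeric-parameter case the page describes.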
