Finding SQL injection vulnerable websites
Use Google to find Vulnerable website by searching for below query :
inurl:php?id=
There are several other dorks to find SQL injection vulnerable websites but above one is easiest and success rate almost 90-95%.
Now Google search will display some results. Open any one of them, say
www.example.com/shop.php?id=6
Now to check if its vulnerable to SQL Injection or not, just add ‘(single quote) at end of it i.e. query will become something like below:
www.example.com/shop.php?id=6′
Now if you get error something like below, then it means website is vulnerable to SQL Injection.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘\” at line 1
or something like below:
Query failed: You have an error in your SQL syntax near ”6”’ at line 1
or any other error.