Advanced SQL Injection Dorks

Hello Sirs,

I’ve recently noticed a few complaints from people about not finding vulnerable sites. While this could just be laziness, there is a method I use which applies more advanced Google Dorks to find vulnerable sites. This requires a brain, patience, and some effort. The reward is always great, however.

What we’ll be covering:

– Advanced Google Dorks vs Normal
– Adv. Dork list
– How to maximize this information
– Tutorial list

While this tutorial is very basic and brief, I ask that you all please leave me feedback. This isn’t a “hacking” tutorial, but more of a resource. Thank you for reading and enjoy!

What’s an “Advanced” Google Dork?

An advanced Google Dork is a dork that narrows the results down to unsaturated sites, ones that have not already been worked over by the usual SQL injection hunters. A typical site found with a plain index.php?id= dork has probably already been attacked or scanned by many people. You want to find something fresh, right?! Below is an example of an advanced dork:

inurl:index.php?id=7 site:DE

Let’s break it down:

index.php?id= is a typical dork; however, adding a 7 (or any number) makes you search ONLY URLs containing id=7, which is a much smaller and less picked-over slice of the results than every index.php?id= page on the web. Google’s matching is loose, so expect neighbouring values such as id=70 or id=71 to show up as well; the point is simply to land on a different slice of the index than everyone else.

site:DE makes the search results only .de sites (the German TLD; the operator is case-insensitive and takes a domain or TLD suffix). This is especially useful when you want to target the sites of a particular country, for example those of an oppressive government or something of that sort.

Now you can combine many different elements. For example, if you wanted to find a .edu or .gov, you would use a dork like this:

inurl:index.php?id=12 site:.gov

While it’s a simple change, it can greatly increase your chances of getting something big.

What kind of sites are good for SQL Injection?

Any site! However, if you’re after a bit more glory, you could go after a news site, .edu, .gov, etc. A few .edu’s will have student data, which can contain some really serious stuff! While just doing SQLi isn’t a big “hacking” skill, it can be a portal to an admin panel, which from there can be used to deface a site. While I don’t recommend you deface random sites, you can find many tutorials on shelling and defacing in both Legion SF and public tutorials.

Example of a news dork:

inurl:news/view.php?id= site:NL
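To make the dork breakdown above and the news dork just shown concrete, here is a small Python helper I wrote for this post (my own added example, not code from the original tutorial or from the linked dork lists). It splits a dork into its operators, builds the advanced variants by crossing a path pattern with id numbers and TLDs, and filters a candidate URL list the way Google’s inurl: and site: operators would. The URL list is constructed for the example and the matching is only an approximation of Google (inurl: as a substring match, site: as a host-suffix match); operators that need page content, like intitle:, are parsed but not applied.

```python
from itertools import product
from urllib.parse import urlparse, parse_qs

# Operators this helper recognises; Google supports more, but these are the
# ones that matter for dorks of the inurl:... site:... shape in this post.
KNOWN_OPERATORS = {"inurl", "site", "intitle", "intext", "filetype"}

# Constructed sample of "search results" (hypothetical hosts, not real hits).
CANDIDATES = [
    "http://example.de/index.php?id=7",
    "http://news.example.nl/news/view.php?id=12",
    "http://example.gov/index.php?id=12",
    "http://example.com/index.php?id=7",
    "http://example.de/about.php?page=7",
]


def parse_dork(dork):
    """Split a dork into (operator, value) pairs.

    'inurl:index.php?id=7 site:DE' -> [('inurl', 'index.php?id=7'), ('site', 'de')]
    Tokens without a known operator are returned as plain ('text', word) terms.
    """
    terms = []
    for token in dork.split():
        op, sep, value = token.partition(":")
        if sep and op.lower() in KNOWN_OPERATORS:
            terms.append((op.lower(), value.lower()))
        else:
            terms.append(("text", token.lower()))
    return terms


def matches(dork, url):
    """True if the URL satisfies the dork's inurl: and site: constraints.

    inurl: is treated as a substring of the whole URL, which is why
    'id=7' also catches 'id=70' (Google is similarly loose).
    site:  is treated as a host suffix, so 'site:.gov' and 'site:gov' both
    match example.gov and sub.example.gov.
    """
    host = urlparse(url).netloc.lower()
    for op, value in parse_dork(dork):
        if op == "inurl" and value not in url.lower():
            return False
        if op == "site":
            suffix = value.lstrip(".")
            if not (host == suffix or host.endswith("." + suffix)):
                return False
    return True


def filter_candidates(dork, urls=CANDIDATES):
    """Apply a dork to a list of URLs and keep the ones that satisfy it."""
    return [u for u in urls if matches(dork, u)]


def expand(path_pattern, ids, tlds):
    """Build advanced dorks: one per (id value, TLD) combination.

    expand('index.php?id=', [7, 12], ['de', '.gov']) gives four dorks,
    ids in the outer loop, TLDs in the inner loop.
    """
    return [f"inurl:{path_pattern}{i} site:{tld}" for i, tld in product(ids, tlds)]


def numeric_id(url):
    """Return the integer value of the id= parameter, or None.

    Numeric id parameters are the injection points the union- and error-based
    tutorials linked below are written for, so this is a quick triage filter
    for big dork lists.
    """
    values = parse_qs(urlparse(url).query).get("id")
    if not values or not values[0].isdigit():
        return None
    return int(values[0])


if __name__ == "__main__":
    for dork in expand("index.php?id=", [7, 12], ["de", ".gov"]):
        print(dork, "->", filter_candidates(dork))
    print(filter_candidates("inurl:news/view.php?id= site:NL"))
```

Feed it one of the pastebin lists instead of CANDIDATES and you have a quick way to see which of your dorks actually pull unsaturated id= pages for a given TLD before you burn search quota on them.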

A vulnerable .edu for anyone wanting to practice. I’ve already looked around, and if your heart desires, feel free to take any of the info. I will warn, it does have a lot of stuff that can get you in trouble, but nonetheless, it’s a good site to practice on.

http://pharmacyschool.usc.edu/faculty/?id=73

Use any id; 15-75 have been tested.

How can you benefit from a SQL injection? Well, if it’s a high-profile site, you can simply say you’ve found an exploit, show proof (data leaked, logins, tables, etc.) and possibly gain a juicy reward. Keep the proof to the minimum that demonstrates the bug, such as the injectable parameter and a harmless value like the database version; dumping logins or whole tables is what turns a bug report into a prosecution. Apple offers a spot on their Hall of Fame for finding an exploit on their site!

Finishing up…

Below I will include a few tutorials for SQLi, a list of dorks to work with, and general advice. I’m sorry for the rush; I have classes in the morning and wanted to get this out. If you need a vulnerable list for a certain domain, please let me know and I’ll gladly find some for you. Again, I’m not myself very experienced in SQLi (not my skill base...), but this is something many of you lazy and practice-hungry people could use!

Small vulnerable list with a few advanced examples:

http://pastebin.com/iQUcNGuH
7k dorks by Sideswipe:
http://pastebin.com/x1rtqktj

Tutorials I used to learn with:

Union Based:
http://www.hackforums.net/showthread.php?tid=2061628
http://www.hackforums.net/showthread.php?tid=2085773

Error Based:
http://www.hackforums.net/showthread.php?tid=2085773
