-4

In order to find websites with potential SQL injections, it is possible to use Google dorks like "inurl:.php?id=".

From the results that Google will give, does it mean all the websites listed use an SQL database (MySQL, Oracle or any other)?

jkdev
poobaisle

1 Answer

2

As it is a backend call, we can't exactly say that it is related to a database as well. The reason is that, while captured based on `$_GET['id']`, the returned value can be decided only by the backend, solely based on PHP. So an SQL connection is not essentially needed for that purpose.

Pasan Chamikara
  • Thank you. It could be a PHP include, for example? – poobaisle Sep 01 '19 at 05:25
  • Yes it could be, and we can just render it via the same script without including a separate script. – Pasan Chamikara Sep 01 '19 at 05:28
  • Which means even if I know for sure the website is using an SQL back-end database, the fact that an HTTP GET request would show that string ".php?id=" doesn't necessarily mean the request will be sent to the SQL database. It could just use another way: include function, XML, etc. – poobaisle Sep 01 '19 at 05:35
  • Yep exactly. But in most cases this would be DB server integrated. – Pasan Chamikara Sep 01 '19 at 05:37
  • So, to be sure it is using SQL I need to play with the value like 2-1 or 1+' '+1 or stuff like that to see how it is treated by the application. I am asking because many times when I try to do something like id=20 then id=20-1, for example, it will throw the same result. I suspect it is not using SQL. – poobaisle Sep 01 '19 at 05:40
  • Regarding that I do think this would give a proper explanation https://stackoverflow.com/questions/1455578/characters-allowed-in-get-parameter – Pasan Chamikara Sep 01 '19 at 05:44
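
An added example, not part of the original posts: a PHP handler that serves `?id=` with no database at all, resolving the id through an allow-list before any include, as the answer and comments describe. The `PAGES` map, the `resolve_page()` helper and the `/var/www/pages` directory are hypothetical names chosen for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: page ids mapped to template files.
// No database is involved anywhere in this script.
const PAGES = [
    1  => 'home.php',
    2  => 'about.php',
    20 => 'contact.php',
];

/**
 * Resolve the raw ?id= value to a template path, or null if it is not allowed.
 * In a web request, pass $_GET['id'] ?? null only after checking is_string(),
 * because a query such as id[]=1 arrives as an array.
 */
function resolve_page(?string $rawId, string $baseDir): ?string
{
    if ($rawId === null) {
        return null;
    }
    // Strict validation: "20" passes, "20-1" and "20abc" fail.
    // A loose cast such as (int)"20-1" would silently yield 20 instead.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || !array_key_exists($id, PAGES)) {
        return null;
    }
    // The file name comes from the allow-list, never from user input.
    return $baseDir . DIRECTORY_SEPARATOR . PAGES[$id];
}

// Demonstration with constructed inputs when run from the command line.
if (PHP_SAPI === 'cli') {
    foreach (['20', '20-1', '2', '999', null] as $sample) {
        $path = resolve_page($sample, '/var/www/pages');
        printf("%-6s => %s\n", var_export($sample, true), $path ?? 'rejected (404)');
    }
}
```

A handler that used a plain `(int)` cast instead of `FILTER_VALIDATE_INT` would return the same page for `20` and `20-1`, whether or not a database sits behind it.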