Table Of Content :
- Most known SQLi error vulnerability
- Less known error dorking
- True errors
Most Known SQLi Error Vulnerability
This is by far the most universally exploited vulnerability on the face of the planet when it comes to SQLi. Simply put; The database has an error that has been rendered and displayed prior to the indexing to the Google Index of Websites. What we call the internet for the most part. We usually use Google to find our sites and their SEO pages, some developers prematurely post
updates and releases to the Google index which result in errors being publicly visible and accessible before evenloading up the website. This is a critical flaw and has been exploited for
almost an entire decade.
This method works by multiple methods, being the most successful of them is using the search function, ‘intext:’ to target the SQL error that follows this search function. These Dorks are
usually accompanied by keywords and other targeting strategies like default and common page methods, tobe elaborated on further into the book. The main method to finding your initial error messages is to go find a site that has an index of them.This is usually found on the vendors site directly. From there you just need to find errors that present on the front end of the site and have some fun, find a huge list and just expand it constantly. This method of Dorking has proven useful to individuals in the community, although not perfect it can present some success. It’s suggested to play with this at least once with Dorking, it’s a lot of funmaking a list and getting started, and it’s rewarding in the end as you might find something really cool.
As seen in this example, the get parameter, ‘id=’ is
being searched. The error that is being searched for on
the page HTML is, “Warning: mysql_fetch_assoc()”.
With this information Google has derived almost
twenty-eight thousand URL’s from its index.
And with no surprise this Dork has extracted
parameters called ‘id’ in the search and obtained
targets with the error message in the text. This
is a Successful Query.
This Dork’s entire goal is to obtain URL’s with the
parameter and a vulnerability message. The parameter
is to gain an entry point and the error message is to
find publicly known and vulnerable sites.
If this isn’t clear, the error messages go where the data from the database SHOULD HAVE been. This form of Google Dorking has been abused since 2010, it is not a private method and I will not spend time compiling a list of hundreds of these error messages. You have a brain; you’ve proven that by obtaining this book and reading this far. Google a target of yours, the ability to think independent is what makes you good at this field. Not by following a guide word for word.
Less Known Error Dorking
Less known error Dorking is the same error Dorking as above. But with a stance of logic. By going through SQL errors like the ones above, you can find a list of new errors to target,
probably less abused and therefore can render some HQ results. This is extremely powerful and is suggested to experiment with.
In the above images there are lists of errors on the page. Grab one you don’t have in your list like:“Warning: mysql_fetch_array() expects parameter 1 to be resource” then go Google this query
intext:“Warning: mysql_fetch_array() expects parameter 1 to be resource”
Then go back to step one, find new errors and do it again. Adding to your list.This is useful form of Dorking and can still reap results. Another way to expand this success rate is to add parameters to the search. This is because it will increase the injection rates and get unique URL’s. Enjoy!
True Error | Unsearched but Practical
True Error Dorking. Truth is, you cannot target it. The best you can do is target sites with parameters, Post or Get and attempt to use syntax mistakes and evil queries to result in an
error to exploit. If it were targetable like the first one, it wouldn’t be feasible to target something so publicly accessible, it’s like trying to find a dictionary when you have Google in your pocket, it’s counterproductive and wastes time. I see the fascination with the first part of this chapter though, and so I’ve included and elaborated on it.