Finding SQLi Vulnerable Websites in a Web Server

SQL Injection (SQLi) vulnerability is not new and is one of the most dangerous vulnerabilities present in web applications . SQL injection is a very dangerous vulnerability and can lead to stealing of the data or even complete defacement of the website .

If anyone is targeting your website , it is not essential that they do so by attacking your website directly . What they can do is to look for SQL Injection vulnerability on any of the websites on your server or your IP . Once the server has been compromised , the websites hosted on it can also be compromised . Here is a trick to analyse the server for SQL injection vulnerabilities in the websites hosted on them .

During our Penetration Testing we often come across scenarios where we have to check the web sever for vulnerabilities . We might only be liable for penetration testing only the website , though sometimes other websites hosted on the same server might be vulnerable which imposes a threat to our target website too. So this post might be a guide to the penetration testers for quickly checking the web-server for any other websites hosted if vulnerable to SQL Injection .

First Thing we need to do is to get the IP address of the Website . For this you can simply Ping the website using command prompt in Windows or Terminal in Linux.

Now at this step we are aware of two things : The Domain of the website and IP address of the Website .

We need the help of an external tool here . What we exactly want is to Identify the websites hosted on this IP address. Luckily we have a website to our rescue . Yougetsignal.com . 

Please click on this link to find the other websites hosted on this web server .

This windows will give you the list of all the domains hosted on this web-server . All we need to do to find which of these websites is vulnerable to SQL Injection .

Open Bing Search Engine : 

In Search box type ip:x.x.x.x php?id= and click on search icon.
Must replace x.x.x.x with your selected server IP.

After that bing will search the sites which have extension php?id= like this  www.site.com/index.php?id=  and it will give u a list of sites which ends with this extension php?id= .

Now select any of one site and add ‘ after the url to check wheather site is vulnerable to SQL injection or not. If site is vunerable then its good if not then check other site from search result.

If found any site vulnerable to sql then Hack it using SQL Exploiter tools.

Else you can simple search for Google Dork files, which is a collection of websites vulnerable to SQL injection.