Disclaimer: Attacking a website’s database is highly illegal without prior mutual consent, MyHacker and App Developers Won’t be responsible for your actions. This Tutorial and Tool Is Just for Penetration Testing and Ethical Purposes. – SQL Injection on android
SQL Injection On Android
- First of all, you have to download an app named DroidSQLI (Download HERE)
- Install the app on your android smartphone
- Now you should have little knowledge of Google dorks.Here some of the Google dorks vulnerable to SQL injection:about.php?cartID=accinfo.php?cartId=
Here get 2000+ Dorks for SQL Injection (Download Google Dorks HERE)
Now Let’s Proceed To SQL Injection on Android
- Now you may want to know “what are the injection techniques DroidSQLi supports”. If yes, take a look:
- Time based injection
- Blind injection
- Error based injection
- Normal injection
Wait…did I forget something? Yes…. I didn’t tell you how to find SQL vulnerable sites.
- Let’s take an example to describe the process in step by step manner:For example:1. Let’s take a google dork link
2.Copy and paste this link to Google.
3. Now tap on any connection that you wish to infuse with SQL for eg:
4. Copy the entire URL
5. Open DroidSQLi and Paste the copied URL in Target Box.
6. Now hit Inject
6. Now You will see Databases Listed up, for instance here you can see 2 databases listed up. For now, we will be interested in “atozpictures” database.
7. Now Tap on all the pieces of information you want to get, ex- username, pass, email.
8. Hit on “Get Records”, And Wait Few Moments. (might take some time depending on website)
And here you are, with all in information inside that database, all usernames, passwords emails..
This is an experimental attack, in real life you may come up with more sensitive information like credit card details if so contact the admin of website asap (don’t get tempted by the greed of joining the dark side). <Happy Hacking/>
Recommended: Hack WiFi With Android [NO ROOT]