
Method Note about dorks and SQLi




Aug 4, 2019
  • Magneto
  • 50 Reputation
  • Diamond
A small note, just a couple of thoughts.

There is a 1.9 GB file containing 28 928 366 lines. The lines are sorted and duplicates are removed. Each line is a unique URL collected from the search results of Google, Bing and Yandex. The queries were unique keywords on a variety of topics (so that the results were as diverse as possible).

A little bit about the file.
We count the number of lines that contain the "=" character:


// Yes, this is PHP. What are you going to do about it?
$i = 0; // number of lines that contain "="
$fh = fopen("serp.txt", "r");
while (($string = fgets($fh, 4096)) !== false) {
    if (strpos($string, "=") !== false) {
        $i++;
    }
}
echo "With parameters: ".$i."\n";
fclose($fh);
Result: "With parameter: 2 735 730".

(CNC: human-readable URLs.)

In percentage terms: 9.45% against 90.55%.

We checked a dozen such files and the result does not change much. Let's omit the numbers; everything is clear without them.

If you check only links with parameters for vulnerabilities (the ones usually collected using "PR1V@TE D0RKS"), you miss most of the vulnerable resources. One can argue: what to do then? Havij / SQLi dumper / SIB / insert_your_tool does not break such links!

But sqlmap can (and Havij too).

Take this link:
We can assume that here the number 3 is used as the parameter value. And we try to check it in sqlmap:

sqlmap -u "http://deduska-kroba.com/articles/id/3*/"

Just add * after the value we want to check. And if the parameter is vulnerable, then we will deal with the usual SQL injection.

The problem is that you won't check millions of links using sqlmap, and it's not meant for that.

For the test, I wrote a simple script (I think it is pointless to upload it, anyone can write it himself), made of shit, sticks and multicurl. Just a couple of days of work, and the output is a result that takes a couple of weeks to rake through ...

I hope the note was useful to you.

Or give an impetus to new ideas.
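
Seen from the defender's side, the point of the post is that a value in a rewritten path such as /articles/id/3/ reaches the SQL layer exactly like a query-string parameter, so it needs the same handling. The following is an added example, not part of the original post: the in-memory SQLite table, the route pattern and the handler names (`lookup_unsafe`, `lookup_safe`) are constructed for illustration and show the concatenated form beside the validated, parameterized one.

```python
import re
import sqlite3

# Hypothetical route shape, modelled on the /articles/id/3/ URL in the post.
# The path is assumed to be URL-decoded already, as most frameworks deliver it.
ARTICLE_ROUTE = re.compile(r"/articles/id/([^/]+)/?")


def make_db():
    """Constructed in-memory table standing in for the site's article store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(1, "first"), (2, "second"), (3, "third")])
    return db


def lookup_unsafe(db, path):
    """'Before' form: the path segment is pasted straight into the SQL text."""
    m = ARTICLE_ROUTE.fullmatch(path)
    if not m:
        return []
    sql = "SELECT title FROM articles WHERE id = " + m.group(1)
    return [row[0] for row in db.execute(sql)]


def lookup_safe(db, path):
    """Hardened form: strict type check on the segment, then a bound parameter."""
    m = ARTICLE_ROUTE.fullmatch(path)
    if not m or not re.fullmatch(r"[0-9]{1,9}", m.group(1)):
        return None  # caller answers 400/404 and can log the rejected path
    rows = db.execute("SELECT title FROM articles WHERE id = ?",
                      (int(m.group(1)),))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    for path in ("/articles/id/3/", "/articles/id/3 OR 1=1/"):
        print(path, "unsafe:", lookup_unsafe(db, path),
              "safe:", lookup_safe(db, path))
```

Rejected paths returned as `None` are worth logging: a non-numeric value in a segment that should only ever hold an integer is a cheap signal that the route is being probed.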
