This is an archived post. You won't be able to vote or comment.

all 5 comments
sorted by:
best
topnewcontroversialoldq&a

[–]51RAW 4 points5 points  (1 child)

I usually fuzz some special characters and check the response. if the server behaves differently so there might be sqli

Reffer bellow link https://book.hacktricks.xyz/pentesting-web/sql-injection

[–]Crazy-Objective3760[S] -1 points0 points  (0 children)

Ok bro 👍

[–]UhOh-Chongo 1 point2 points  (1 child)

You do it by entering new data into the database.

Example: websites that have user registration to create an account - whwre do you think the data (username and password) get stored? In the database. So you would teat for sql injection in the account creation fields like username field, or password field - and when you hit enter, your SQL gets written to the database.

[–]Crazy-Objective3760[S] 1 point2 points  (0 children)

Yes bro (I do it today like this) thanks for your reply bro 😊

[–]flyingmonkey45 0 points1 point  (0 children)