According to your description, you want to check if your website is vulnerable or not.
Firstly, you need to check sql injection.SQL injection is the attempt to issue SQL commands to a database through a website interface, to gain other information. Namely, this information is stored database information such as usernames and passwords.
First rule of securing any script or page that attaches to a database instance is ‘Do not trust user input’.
For example:
SELECT username,password FROM users WHERE username='$username'
By appending a ' to that statement, you could then add additional SQL paramaters or queries.: ' OR username –
SELECT username,password FROM users WHERE username='' OR username -- '$username
More information about sql injection, please try to refer to the links below:
# Testing if a site is vulnerable to Sql Injection
Member
373 Points
148 Posts
How to check my site is Vulnerable?
Sep 28, 2013 11:11 PM|coderbd|LINK
Hello,
This week I launched a website. I know that site is vulnerable. I'm not expert in this section. Please help me to trace site problem.
best regards
ehsan
Happy Coding... :)
Ehsan Munna
Contributor
3997 Points
432 Posts
Re: How to check my site is Vulnerable?
Sep 30, 2013 03:48 AM|Lisa Zhang - MSFT|LINK
Hi ehsan,
According to your description, you want to check if your website is vulnerable or not.
Firstly, you need to check sql injection.SQL injection is the attempt to issue SQL commands to a database through a website interface, to gain other information. Namely, this information is stored database information such as usernames and passwords.
First rule of securing any script or page that attaches to a database instance is ‘Do not trust user input’.
For example:
By appending a ' to that statement, you could then add additional SQL paramaters or queries.: ' OR username –
More information about sql injection, please try to refer to the links below:
# Testing if a site is vulnerable to Sql Injection
http://stackoverflow.com/questions/10281349/testing-if-a-site-is-vulnerable-to-sql-injection
# How to find out if a website is vulnerable to SQL Injection?
http://thecybersaviours.com/how-to-find-out-if-a-website-is-vulnerable-to-sql-injection
Besides, there are other methods to check if a website is vulneralbe or not.
Please try to read articles below:
# How to find a Vulnerable Website?
http://www.hackyshacky.com/2013/03/how-to-find-vulnerable-website.html
# 5 ways your website is vulnerable to security attacks (Part 1)
http://blog.asmallorange.com/2011/11/5-ways-your-website-is-vulnerable-to-security-attacks-part-1/
# Step 6: Identify the vulnerability
https://support.google.com/webmasters/answer/3013681?hl=en
Best Regards,
Lisa Zhang