(28 June, 2019 - 01:20 PM)KrazyD83 Wrote: Show MoreOk ive been trying to learn this all on my own for the last few months and i swear there is something missing from the videos ive watched and the chat forums ive got into and chatted with. I would really love some help from someone and not have to give out more money for a program that doesnt work or a list that only gets me one account. Please anyone that actually knows what they are doing. I really hope someone can help me out and not rip me off like the past people ive asked for help. Thanks for your time and reading this. Happy hoildays everyone
I won't offer "private" help so please don't PM me or anything I'll try to answer here when I can.
First off NOT all sites are vulnerable to a SQLI. Secondly, for this to be effective you have to understand what a SQLI is and that is you are manipulating a URL on the website to give an error---once that error is discovered you can likely use that error to gain access to the .DB and dump any information you want. Now of course you know about "dorks" so you have to have a successful dork to error out the URL and gain access to the .DB. Like I said though, not every site is vulnerable to a SQLI, websites pay big money to "white hat hackers" to scan their websites and seek out potential SQL line errors. So it could be that you are just targeting websites that are not vulnerable. I can tell you if you are targeting Facebook, Twitter, Spotify, Hulu and those you are unlikely to discover a dork---at least not on your own. I know Facebook had a recent vulnerability and they plugged it immediately and it was a cookie error not SQL related. Some hackers found out a way to gain access to the unique cookie identifier for users and exploited that information.
Now with all that said I am no expert by any means but, I HAVE dumped a .DB or two in my day but it was sites I found a SQL line error with using Havij. So I know it can be done with persistence and the right dorks.