-2

I am learning about SQL injection and Google dorks. I have seen that there are three file types that can be vulnerable to SQL injection, .php, .aspx and one more.

I can't find the third one... The first two are related to the server side, so the third one should be that too. At the start I thought .html might be good, but then I understood that I need something related to server side.

Anders
  • 64,406
  • 24
  • 178
  • 215
Daniel
  • 17
  • A few things: 1) what is your question? 2) how do you expect to find server-side files accessible from the Internet (and by extension, Google)? 3) Why is html not acceptable for SQL injection? 4) are you aware that modern sites do not always use file extensions when serving files? – schroeder Sep 10 '18 at 14:05
  • then what would be the best format to find sqli injection – Daniel Sep 10 '18 at 14:12
  • You find SQLi vulnerable sites by testing each site. A Google dork on file type is not going to tell you whether the site is coded properly or not. – schroeder Sep 10 '18 at 14:15

2 Answers2

1

You are right that there needs to be a server side language involved, and not just static HTML, for there to be room for any SQLi vulnerabilities. This Wikipedia article has a list of common server side scripting languages, together with file extentions. As an example, you could add .jsp to your list.

But, and this is an important but, the file extention does not necessarally tell you anything what technology or language the server is using. Nowadays, it is quite common to configure your webservers without any extentions at all in the path. And it is easy to set up a server working in unexpected ways, e.g. running PHP scripts from files ending in .html.

Besides, just because a site uses a certain language doesn't mean it's vulnerable. If the page is properly coded, you will be out of luck anyway.

So searching on file extentions is not a very precise way of finding vulnerabilities.

Anders
  • 64,406
  • 24
  • 178
  • 215
0

Any script or program that runs on a server and connects to a database may be subject to SQL injections if it does not take the appropriate measures. Php and Aspx are just examples, but any other language/technology could face the same issue, including perl, C, C#, Java, Ruby, Python, Node.js (Javascript) and many more. Conversely, it's not because it's PHP that it will necessarily be subject to SQL injections.

There's a strong correlation between the "learning curve" and the frequency of SQL injection, because languages/technologies for easy learning curves (like php) tend to draw more inexperienced programmers which may in turn make more such errors, but it's definitely not an absolute link.

Also, using the same language (such as php), someone coding using a higher-level framework such as Symfony or Drupal which add abstractions layers between the SQL database and the programmer is probably less prone to SQL injections than someone who uses directly the low-level SQL query functions.

As explained by Anders, the visible extension (or lack thereof) is also not necessarily an indication of the actual language or technology.

jcaron
  • 3,365
  • 2
  • 15
  • 22