Google helps you find vulnerable websites that are indexed in Google search results. Here is the latest collection of Google SQL dorks. More than a million people search for Google dorks for various purposes: database queries, SEO and SQL injection.

SQL injection is a technique in which an attacker exploits non-validated input to inject SQL commands through a web application, which are then executed in the backend database.

It is very easy: all we need to do is use the advanced operators in the Google search engine to locate results containing the strings. SQL injection is currently ranked #1 on the OWASP Top 10 chart, which means that it is responsible for a large portion of public disclosures and security breaches.

With the advanced operators, you can locate specific vulnerabilities in web applications. If a website is vulnerable, attackers can locate login pages, private folders, server vulnerabilities and files containing login credentials.

Common SQL Injection Threats

  • DoS attacks.
  • Tampering with database records.
  • Privilege Escalation.
  • Identity Spoofing.
  • Data Disclosure.

Google SQL Dorks – 2018

Here is the latest collection of Google SQL dorks for SQL injection, 2018.

Common Mitigations

1. Whitelist untrusted data

What do we need to trust?
Does it adhere to expected patterns?

2. Parameterise SQL statements

Separate the Query from the input data.
Typecast each operator.

3. Fine-tune DB permissions

Segment admin and public accounts.
Apply “the principle of least privilege”.
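
Mitigations 1 and 2 side by side with the weak form they replace, as an added example that is not part of the original article. The table, the username pattern and the function names are assumptions made for illustration, and the sample rows and inputs are constructed.

```python
import re
import sqlite3

USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")  # assumed pattern for a valid name


def make_db():
    # Constructed sample data: an in-memory table standing in for a user store.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "public"), ("carol", "public")])
    return db


def lookup_concatenated(db, name):
    # Weak form: the input is spliced into the SQL text, so it can change the
    # structure of the query instead of only supplying a value.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_parameterised(db, name, validate=True):
    # Mitigation 1: reject input that does not adhere to the expected pattern.
    if validate and not USERNAME_RE.fullmatch(name):
        raise ValueError("username does not match the expected pattern")
    # Mitigation 2: the query text is fixed; the value is bound separately.
    rows = db.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def lookup_by_id(db, raw_id):
    # Typecast: int() raises ValueError for anything that is not an integer.
    user_id = int(raw_id)
    rows = db.execute("SELECT name FROM users WHERE id = ?", (user_id,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input
    print("concatenated :", lookup_concatenated(db, hostile))
    print("bound only   :", lookup_parameterised(db, hostile, validate=False))
    print("by id        :", lookup_by_id(db, "2"))
```

With the concatenated query the constructed input returns every row; with a bound parameter the same string is compared as a literal name and matches nothing.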

Suggested tools to check for SQL injection: Burp Suite, ZAP, Vega, sqlmap, sqlsus.

