
SQL Injection: How Hackers Use Google to Find Vulnerable Sites

By Andre Luiz R. Silva on September 4, 2019

That’s right. Hackers use simple Google searches to find vulnerable websites and invade entire systems. This has been going on for a long time, and it is, in a way, quite simple. Even so, it is not hard to find victims affected due to carelessness.

 

How hackers use Google

The entire scheme begins with a simple Google search. Using so-called “dorks,” refined query tricks on the search engine, they can see which sites leave the most fields visible in their URLs.

An example of this type of query is:

[Image: screenshot of the example Google query]

With this query, we can find pages that have the php file type (PHP is one of the programming languages used to develop sites) and, at the same time, the words “product” and “id” in the URL. You can guess what happens after that, right? A site that leaves this type of data visible may offer openings through which other important information can be found.

 

But how do hackers invade the sites they find?

After this apparently innocent Google search, the hackers invade the vulnerable sites with the help of a specific program. That program is indeed very simple to find (of course, we blurred the images and masked the illustration) and even has various YouTube tutorials:

[Image: blurred screenshot of the program]

 

SQL Injection: How does it work?

SQL injection is the name of the intrusion technique used in the scam. The above-mentioned program applies an “injection” of SQL, which is a database query language. Many combinations are tested automatically on the URL fields (like those from the Google search), until the error pages start giving more information about the site’s database.

In other words, the hack succeeds through breaches and vulnerabilities that give access to the site’s database. The hacker does not get into the settings panel that the developer has access to, but does reach the place where all the information is stored.

In the example below, which is an image showing the program in use, we can see that Target is the URL on which tests will be carried out. The field to the left, with the checkboxes (☐), is the menu of tables (or lists of information) to which the hacker is obtaining access. The results gradually appear in the box to the right. It’s where the “gold” shows up: emails, logins, passwords and even credit card numbers.

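[Image: the program in use, showing the Target field, the table menu on the left and the results box on the right]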
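Why a URL field such as a product id can reach the database at all, shown from the developer's side. This is an added example, not code from the original article: it uses Python with an in-memory SQLite database in place of a PHP site, and the table, function names and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: an in-memory shop database.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO products VALUES (1, 'Mug'), (2, 'Lamp'), (3, 'Desk');
    """)
    return db

def product_vulnerable(db, raw_id):
    # Flaw 1: the URL value is pasted into the SQL text, so the database
    # parses it as part of the query instead of as a value.
    # Flaw 2: database errors are passed back to the visitor.
    try:
        sql = "SELECT name FROM products WHERE id = " + raw_id
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "database error: " + str(exc)

def product_hardened(db, raw_id):
    # 1) Validate: a product id is a short, plain ASCII integer.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return "not found"
    # 2) Bind the value with a placeholder; it can never become SQL.
    try:
        rows = db.execute(
            "SELECT name FROM products WHERE id = ?", (int(raw_id),)
        ).fetchall()
    except sqlite3.Error:
        return "not found"  # generic reply; details belong in server logs
    return rows or "not found"

if __name__ == "__main__":
    db = make_db()
    for value in ("2", "2 OR 1=1", "2'"):
        print(repr(value), "vulnerable:", product_vulnerable(db, value))
        print(repr(value), "hardened:  ", product_hardened(db, value))
```

The vulnerable function returns every row for the second input and a database error message for the third, which is the "error pages giving more information" behaviour described above; the hardened one answers "not found" to both.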

 

Why do invasions from hackers occur?


1. Outdated sites

The older the site, the greater the chance of finding flaws, because security updates have not been applied. Constant vigilance is necessary to prevent development problems.


2. Small business sites

Smaller e-commerce sites are attacked because they’ve been incorrectly or inadequately developed. Unqualified site developers are often hired due to a lack of concern over security, which leads, obviously, to carelessness when it’s time to prevent problems.

Hackers sometimes look for clues in the webpage footers, where site developers take credit for their work; e.g., “Developed by...” After one successful invasion, it’s not difficult for the hacker to find other flawed sites built by the same developer, thereby locating a veritable cornucopia of sites that have the same or similar flaws.


3. Passwords stored “on a silver platter”

Many sites store passwords openly, right in an Excel spreadsheet. That is a terrible mistake! The correct way is to use hashes—data that has been scrambled in order to make identification more difficult.

A password can be hashed with more than one type of hash, and the result can contain innumerable digits. That makes the original password more difficult to see. This does not prevent our beloved hackers from also having access to hash translation bases (lookup tables that map known hashes back to passwords). So, don’t get upset by those sites that require various types of characters when you’re creating a password.

Another interesting way to find out if a site’s password storage is precarious is the “I forgot my password” function. If the site sends an email containing your password in plain text, it means that hashes are not used at all there.
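How a site can store passwords so that a stolen database and a hash lookup table are of little use, and why such a site cannot email your password back. This is an added example, not code from the original article: the function names, the PBKDF2 iteration count and the sample password are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def fast_unsalted(password):
    # Weak: the same password always yields the same hash, so a single
    # precomputed lookup table works against every account on every site.
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password):
    # Random per-user salt plus a deliberately slow function: identical
    # passwords get different records and tables cannot be precomputed.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()

def verify_password(password, stored):
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS
    )
    # Constant-time comparison of the recomputed and stored digests.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def new_reset_token():
    # "I forgot my password": the site holds only salt + digest, so it
    # emails a random one-time token and keeps just the token's hash.
    token = secrets.token_urlsafe(32)
    return token, hashlib.sha256(token.encode()).hexdigest()

def reset_token_matches(token, stored_hash):
    presented = hashlib.sha256(token.encode()).hexdigest()
    return hmac.compare_digest(presented, stored_hash)

if __name__ == "__main__":
    pw = "Summer2019"  # constructed sample password
    print("unsalted, user A:", fast_unsalted(pw))
    print("unsalted, user B:", fast_unsalted(pw))
    print("salted,   user A:", hash_password(pw))
    print("salted,   user B:", hash_password(pw))
```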


4. Payment methods without secure intermediation

Some websites don’t use PayPal, Stripe or other secure methods for receiving payments. That is: they end up saving customers’ credit card data in their database.

 

What do the hackers do with the data they get?

Hackers who succeed in getting credit card data are involved in buying and selling card numbers (generally in lists), in order to steal anything possible from the victims. But with passwords, there are additional tricks. Passwords stolen from one site can be tested to see if they work at other sites, to further exploit the victim.

For example, if the credentials were obtained from a small e-commerce site, the hackers work with the principle that many people use the same password in several places. Using this technique, they may even get access to internal corporate systems by using the password of an employee who used the same code on the invaded e-commerce site.

 

How can I protect my data from hackers?

Your data or that of your employees may be vulnerable without the element that is most necessary in any security problem: awareness. Below are some basic tips that you may have seen before, but they are just what’s needed to protect your data from schemes like SQL Injection:


Don’t reuse the same password

Always change! Then if you become a victim of exposure (even using your best and longest password), you will have lost just one credential.


Do not use corporate emails just anywhere

Always separate what’s personal from what’s professional. And always warn your employees and colleagues about that! After all, corporate data is among the most targeted by cybercriminals.

 

Leverage Polaris for Advanced Threat Detection

Integrating advanced solutions like Polaris is essential to effectively combat sophisticated cyber threats such as SQL injection. Polaris is an AI-powered cyber intelligence platform that automates the detection and prioritization of cyber threats, enabling faster and more proactive responses. This AI-driven platform ensures that businesses can anticipate and mitigate risks before they lead to breaches, enhancing overall cybersecurity resilience.


Axur repudiates the fraudulent use of SQL Injection and any other criminal activity online. Our intent in publishing this report is to demonstrate the need for correct site development and security awareness. The General Data Protection Regulation (GDPR) has shown us that companies must now take responsibility in protecting the security of their consumers’ passwords and other data.

Our Threat Intelligence solution, which can monitor the deep web and dark web, is able to detect and identify various types of invasions and help to prevent future attacks.