/index.php?id=123' WAITFOR DELAY '00:00:05'--
Let’s dissect the query piece by piece: inurl -.com.my index.php id
Put together, the pattern attempts to find pages whose URLs include “index.php” and “id”, while excluding hosts or pages that include “.com.my”.
Parameterized queries (prepared statements) are the gold standard. Instead of concatenating user input into SQL strings, use placeholders.
Vulnerable PHP code (DO NOT USE):
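// Raw request parameter, no validation or type check
$id = $_GET['id'];
// User input is concatenated directly into the SQL text
$query = "SELECT * FROM products WHERE id = $id";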
Secure PHP code (USE THIS):
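$id = $_GET['id'];
// The SQL text is fixed; the ? placeholder marks where the value goes
$stmt = $conn->prepare("SELECT * FROM products WHERE id = ?");
// "i" binds $id as an integer, so it is passed as data, never parsed as SQL
$stmt->bind_param("i", $id);
$stmt->execute();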
If you are a system administrator for a .com.my domain, you should be using this dork defensively.
Even if errors are hidden, an attacker can use:
http://vulnerable-site.com/index.php?id=5 AND IF(1=1, SLEEP(5), 0)
If the page takes 5 seconds to load, the vulnerability exists.
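For defenders, these time-delay probes are visible in web server access logs. The following is an added example, not code from the original page: it scans log lines for `index.php?id=` requests whose `id` is not a plain integer, labels those containing the delay constructs quoted above, and marks responses slow enough to suggest the delay actually ran. The log layout (common log format with response time in seconds appended), the 5-second threshold, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Delay constructs quoted on this page: SLEEP(...) and WAITFOR DELAY.
TIME_DELAY = re.compile(r"\bsleep\s*\(|\bwaitfor\s+delay\b", re.IGNORECASE)
# Assumed layout: common log format plus response time in seconds as last field.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ (?P<secs>\d+(?:\.\d+)?)$'
)
DELAY_SECONDS = 5.0  # assumption: matches the 5-second delay used on this page

def classify(line):
    """Return a finding dict for a suspicious index.php?id= request, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if not url.path.endswith("/index.php"):
        return None
    # parse_qs percent-decodes values, so encoded payloads are normalised first.
    for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
        if re.fullmatch(r"[0-9]+", value):
            continue  # the only shape a bound integer id should ever have
        return {
            "ip": m["ip"],
            "id": value,
            "kind": "time-delay" if TIME_DELAY.search(value) else "non-integer",
            # A slow response to a delay payload suggests the delay executed.
            "delayed": float(m["secs"]) >= DELAY_SECONDS,
        }
    return None

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?id=42 HTTP/1.1" 200 5120 0.031',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?id=5%20AND%20IF(1=1,%20SLEEP(5),%200) HTTP/1.1" 200 5120 5.042',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?id=123%27%20WAITFOR%20DELAY%20%2700:00:05%27-- HTTP/1.1" 500 310 0.012',
    '192.0.2.11 - - [01/Jan/2024:10:00:20 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900 0.020',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with `kind` of `time-delay` and `delayed` set to true deserves the fastest triage, because the response time is consistent with the injected delay having run on the database.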
It is crucial to understand where the line is drawn between security research and cybercrime.