Hey folks
As part of my self-learning journey into cybersecurity, I wanted to better understand SQL injection, not just by reading, but by testing. So I built a small command-line tool to help simulate and detect potential SQLi patterns in GET parameters.
The Tool
It's nothing fancy, just a simple PHP script that:
- Takes a URL with query parameters
- Injects common SQLi payloads (like ' OR 1=1 --)
- Sends requests and checks for keyword-based anomalies in responses
GitHub repo: SQL Injection Tester
What I Broke (and Fixed)
At one point, I tested this against a test WordPress site I set up... and accidentally messed with a plugin's query.
Nothing crashed, but I got a good scare. Lesson learned: always test safely.
What I Learned
- The difference between reflective vs blind injection
- How servers react differently to invalid queries
- Why pattern matching alone isn't enough for real detection
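The last point, that keyword matching alone gives noisy results, is easy to see from the defensive side: the same signatures that a tester sends are what a log reviewer looks for in GET parameters, and a naive word list lights up on ordinary search terms. The script below is an added example, not the post's PHP tool. It parses a few constructed Apache-style access-log lines (the IPs, paths and timestamps are made up), fully URL-decodes each query parameter (including double-encoded values), and compares a naive keyword check against stricter structural rules for the tautology, comment-terminator and time-based (blind) patterns mentioned in the post. The rule names and the SAMPLE_LOG contents are my own assumptions for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines (not real traffic): one benign id lookup,
# two tampered id values, and two ordinary searches that merely contain SQL words.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /products.php?id=42 HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /products.php?id=42%27%20OR%201%3D1%20-- HTTP/1.1" 200 9120
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /products.php?id=42%27%20AND%20SLEEP(5)-- HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2024:10:00:04 +0000] "GET /search.php?q=tables+or+chairs HTTP/1.1" 200 2048
10.0.0.8 - - [01/Jan/2024:10:00:05 +0000] "GET /search.php?q=union+station HTTP/1.1" 200 2048
"""

# Common log format: ip ident user [timestamp] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)'
)

# Structural rules (hypothetical names): each one needs SQL *syntax*, not just a word.
RULES = {
    "tautology": re.compile(r"(?i)['\"]\s*(or|and)\s+\S+\s*=\s*\S+"),  # ' OR 1=1
    "comment_terminator": re.compile(r"(--|#|/\*)\s*$"),               # trailing -- / # / /*
    "time_based": re.compile(r"(?i)\b(sleep|benchmark|waitfor\s+delay|pg_sleep)\s*\("),
    "union_select": re.compile(r"(?i)\bunion\b.+\bselect\b"),
}

# Naive approach for comparison: flag any value containing one of these words.
NAIVE_KEYWORDS = {"or", "and", "union", "select", "sleep"}


def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding so %2527 is inspected as a single quote."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_line(line):
    """Return a dict with ip, path and decoded (name, value) params, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["params"] = [(k, decode_fully(v))
                     for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return rec


def naive_hit(value):
    """True if any suspicious keyword appears as a whole word (false-positive prone)."""
    words = set(re.findall(r"[a-z]+", value.lower()))
    return bool(words & NAIVE_KEYWORDS)


def classify_value(value):
    """Names of structural rules that match the decoded parameter value."""
    return [name for name, rx in RULES.items() if rx.search(value)]


def scan_log(text):
    """Run both checks over every GET parameter in the log; one finding per parameter."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for name, value in rec["params"]:
            findings.append({
                "ip": rec["ip"], "path": rec["path"], "param": name, "value": value,
                "naive": naive_hit(value), "rules": classify_value(value),
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        verdict = "SUSPICIOUS" if f["rules"] else "ok"
        print(f'{verdict:10} naive={f["naive"]!s:5} {f["path"]}?{f["param"]}={f["value"]!r} {f["rules"]}')
```

Running it, the two benign searches ("tables or chairs", "union station") are flagged by the naive keyword check but by none of the structural rules, while the tampered id values trip the tautology, comment-terminator and time-based rules. The larger response size on the tautology request (9120 vs 512 bytes) is the kind of secondary signal, response differencing, that the post lists under "What's Next" and that a rule-only approach misses.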
What's Next?
I'm thinking of:
- Adding POST support
- Highlighting response diffs
- Maybe integrating with Burp logs later?
If you're learning security too, check it out. It's raw and beginner-level, but I'm proud of it!
Cheers,
Mohammad