Quick SQL Injection Question

Recently, I was reading an article on hacking with Google. One of the examples was about searching "inurl index.php?id=" in Google to find SQL Injection vulnerabilities.

I'm confused, how is this associated with SQL injection.

It's a specific search term containing one of the most common variables where you'd find a likely sql injection point.  It'll pull up a list of sites where 1000 other people have already been before you looking for sql holes.

Google dorks are probably the first step for a lot of people as they try to find their first vulnerabilities in a 'real site. I suppose it's a lot like doing the challenges here and elsewhere, as it gains you valuable insight into where to look in order to find real security holes on your travels.

It's also the most likely search term to lead you to a Honeypot

Does that mean that websites who use the variable "id" are more prone to SQL Injection?

No, it could be absolutely anything before the = sign, Google dorks just bring up a list of sites all containing the targeted search term in their urls, then they can be quickly tested to see if they're vulnerable or not.

Got it, thanks.

pawnflow wrote: Recently, I was reading an article on hacking with Google. One of the examples was about searching "inurl index.php?id=" in Google to find SQL Injection vulnerabilities.

I'm confused, how is this associated with SQL injection.

Well this isn't associated with SQL injection. But it helps to find out the SQL vulnerable websites that you can use for SQL injection. If you don't want to use that. You can manually check website for vulnerability.