Dorking is an art to understanding a Search engine and get desired output out of it. Like if I
want to get a eBook on google it’s hard to get that in our first result most of the time but a
dork can do it.
Let’s get this through an example:
Let’s say that the book we want is “Learn Python From Basics” and we want it as a pdf.
So I’ll Go to google and type:
ext:pdf “Learn Python From Basics”
And as a result google will provide me the URL which have a pdf in there of the book “Learn
Python From Basics”.
Now this can be done to any target with proper formatting of this dork as soon our result
isn’t banned by google.
Q- What is a Dork?
A dork is a search query which Engine reads and interpret to provide most relative result
which co-relates to query.
Q- Why we use Dork?
So simplest way of cracking is finding a website which is unprotected then exploiting
information compromising it’s lack of security measures and then use them for own
Q- How does Dorking works?
There are basically 3 Methods which can be used to Request Data, which are:
Get, Put and Post
Our Primary Search Engines (Google & Bing) Both uses Get method to request data.
Q- How Get method works and why we use this instead of other
- In Get method our data is put into the URL from the form as temporary data storage.
- This is the form we fill to request the data on google:
- This is Google using Get Method to Provide us result (Requested data is Underlined)
- Now let’s discuss about why we don’t use Put or Post method for SQL Injection.
- Basically thing is in Get method, we request a website to get us the data we want But when
- it comes to Post or Put we have to send Some payload there to Get Result back and we
- don’t be knowing the exact payload for the website so we will be needed to go through a
- long manual process to find specific payload and then start injecting malicious string which
- isn’t much good for us as it will take ages to get that.
Q- What is SQL injection and How it works?
We will Understand about SQL injection using information Given Below:
Now Let’s Understand work Function of SQL injection using below Diagram:
So Conclusion is that “data is input from some variable on a site, being user operated or
automatic in the functionality of the site. Data will be sent to the server (where the website
is hosted) and complete a task.