This content originally appeared on DEV Community and was authored by Mohammad Shams
Hey folks 👋
As part of my self-learning journey into cybersecurity, I wanted to better understand SQL injection — not just by reading, but by testing. So I built a small command-line tool to help simulate and detect potential SQLi patterns in GET parameters.
🛠️ The Tool
It’s nothing fancy — just a simple PHP script that:
- Takes a URL with query parameters
- Injects common SQLi payloads (like
' OR 1=1 --) - Sends requests and checks for keyword-based anomalies in responses
🔗 GitHub repo: SQL Injection Tester
🤯 What I Broke (and Fixed)
At one point, I tested this against a test WordPress site I set up... and accidentally messed with a plugin’s query.
Nothing crashed, but I got a good scare. Lesson learned: always test safely 😅
🧠 What I Learned
- The difference between reflective vs blind injection
- How servers react differently to invalid queries
- Why pattern matching alone isn't enough for real detection
📌 What’s Next?
I’m thinking of:
- Adding POST support
- Highlighting response diffs
- Maybe integrating with Burp logs later?
If you’re learning security too, check it out. It’s raw and beginner-level, but I’m proud of it!
Cheers,
Mohammad
This content originally appeared on DEV Community and was authored by Mohammad Shams
Mohammad Shams | Sciencx (2025-06-29T05:28:00+00:00) I Built a Simple SQL Injection Test Tool (and Broke My Own Site in the Process 😅). Retrieved from https://www.scien.cx/2025/06/29/i-built-a-simple-sql-injection-test-tool-and-broke-my-own-site-in-the-process-%f0%9f%98%85/
Please log in to upload a file.
There are no updates yet.
Click the Upload button above to add an update.