Add ' after id=****. Now, if you get an error or a blank page after adding the ', the site is passing what you type in the browser's address bar into its SQL commands, which means the site is vulnerable to SQL injection.
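Why the stray quote produces an error, and how a bound parameter removes it, shown as an added example that is not part of the original tutorial. The site's real query is not on the page, so the concatenated statement, the SQLite customer table, its constructed rows and the function names are all assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; only the column name strUsername comes from the page.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, strUsername TEXT)")
    conn.executemany("INSERT INTO customer VALUES (?, ?)",
                     [(1684, "alice"), (1685, "bob")])
    return conn

def lookup_vulnerable(conn, raw_id):
    """Before: the id parameter is pasted straight into the SQL text."""
    sql = "SELECT strUsername FROM customer WHERE id=" + raw_id
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # The quote reached the SQL parser; this is the error or blank page
        # the visitor sees, and a signal worth logging and alerting on.
        return ("sql_error", str(exc))
    return ("ok", row[0] if row else None)

def lookup_hardened(conn, raw_id):
    """After: validate the type, then bind the value as a parameter."""
    # ASCII digits only, with a length cap so the value fits a SQLite INTEGER.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 18):
        return ("rejected", None)
    row = conn.execute(
        "SELECT strUsername FROM customer WHERE id = ?", (int(raw_id),)
    ).fetchone()
    return ("ok", row[0] if row else None)

if __name__ == "__main__":
    db = make_db()
    for value in ("1684", "1684'"):
        print(repr(value), lookup_vulnerable(db, value), lookup_hardened(db, value))
```

With the bound parameter the quote never becomes part of the SQL text, so the request is rejected as invalid input instead of surfacing a database error.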
But since we are hackers :p, we are always interested in one table, and that is the admin table, so look out for the admin table in the list of displayed table names. Here we chose the customer table because this is a shopping website and we want to shop from a user's account, so we will search for columns in the customer table with the commands below.
After executing the commands above, we get two column fields: strUsername and strPassword.
Now the limit function below will search for the username of the particular person with id=1684. Note that the %20 in the URL is not a command; it is the URL encoding of a space, and the browser adds it automatically once we execute our commands.