I Built a Simple SQL Injection Test Tool (and Broke My Own Site in the Process 😅)
Mohammad Shams

Publish Date: Jun 29

Hey folks 👋

As part of my self-learning journey into cybersecurity, I wanted to better understand SQL injection — not just by reading, but by testing. So I built a small command-line tool to help simulate and detect potential SQLi patterns in GET parameters.


🛠️ The Tool

It’s nothing fancy — just a simple PHP script that:

  • Takes a URL with query parameters
  • Injects common SQLi payloads (like ' OR 1=1 --)
  • Sends requests and checks for keyword-based anomalies in responses

🔗 GitHub repo: SQL Injection Tester


🤯 What I Broke (and Fixed)

At one point, I tested this against a test WordPress site I set up... and accidentally messed with a plugin’s query.

Nothing crashed, but I got a good scare. Lesson learned: always test safely 😅


🧠 What I Learned

  • The difference between reflective vs blind injection
  • How servers react differently to invalid queries
  • Why pattern matching alone isn't enough for real detection
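The last two points can be reproduced offline. This is an added example, not code from the SQL Injection Tester repo: it runs the payload from the post and a malformed value against a local in-memory SQLite database, through a concatenated query and a parameterized one, and compares a keyword check with a response diff. The table, page functions and keyword list are assumptions made for the illustration.

```python
import sqlite3

# Assumed keyword list; the tool's real list is not shown on the page.
ERROR_KEYWORDS = ("sql syntax", "syntax error", "unrecognized token", "database error")

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (slug TEXT, title TEXT)")
    db.executemany("INSERT INTO posts VALUES (?, ?)",
                   [("hello", "Hello world"), ("draft", "Unpublished draft")])
    return db

def render(rows):
    return "\n".join(title for (title,) in rows) or "Not found"

def vulnerable_page(db, slug):
    """Concatenates the parameter into the SQL and echoes database errors."""
    try:
        sql = "SELECT title FROM posts WHERE slug = '" + slug + "'"
        return render(db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        return "Database error: " + str(exc)

def hardened_page(db, slug):
    """Same lookup with a bound parameter: the value is never parsed as SQL."""
    return render(db.execute("SELECT title FROM posts WHERE slug = ?", (slug,)).fetchall())

def keyword_hit(body):
    """Keyword-based check: flags only responses that leak an error message."""
    return any(k in body.lower() for k in ERROR_KEYWORDS)

def differs_from_control(page, db, probe, control="no-such-slug"):
    """Response-diff check: compare the probe against a value that matches nothing."""
    return page(db, probe) != page(db, control)

def assess(page, probe):
    db = make_db()
    return {"keyword": keyword_hit(page(db, probe)),
            "diff": differs_from_control(page, db, probe)}

if __name__ == "__main__":
    for page in (vulnerable_page, hardened_page):
        for probe in ("'", "' OR 1=1 --"):  # malformed value, and the payload from the post
            print(page.__name__, repr(probe), assess(page, probe))
```

On the concatenated query, the malformed value produces an error the keyword check catches, while the payload from the post silently returns every row and only the diff against the control value notices. The parameterized query returns "Not found" for both.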

📌 What’s Next?

I’m thinking of:

  • Adding POST support
  • Highlighting response diffs
  • Maybe integrating with Burp logs later?

If you’re learning security too, check it out. It’s raw and beginner-level, but I’m proud of it!

Cheers,

Mohammad
