1. During discovering SQL injections in GET, how do I generate the link where I insert order by, must I login first? Because when Zaid what teaching this, the link was different until he logs in.
2. I also want to know if all SQL attacks must be performed on MyPHPAdmin login page, or if it can be performed on customer/visitors login page.
3. I also noticed that after scanning with dirb, some links like PhpMyAdmin is not working.. when I try to open the link on browser, the link will try to open the homepage of the main website itself instead of a phpMyAdmin login page.
4. All the php websites I’ve come across does not have links with ? I’d=1 on their forms page