Can Someone With Experience Answer This Because Im Hella Confused

[195]

Okay, so when people use dork searcher to find urls and use sqli dumper to find vulnerable websites derived from those URLs, how are people able to use injection attacks to specific databases like yahoo, or southwest airlines for instance. Do this sites have vulnerablilities? Does every site have vulnerabilities?, Im relatively new to creating my own combos, and I only seem to get 2 injectable links, and it always turns out to be some random asian website, and I just get stumped. How are people able to get databases like yahoo or aol and be able to dump combos from them? Are there better tools to do so, since ive been using SQLI Dumper 19.3, and Dork Searcher V3. I would really appreciate the help on this, thank you.

[990]

backlinks, mostly done through a phishing attack though big ones passwords are usually hashed really well and really hard to dehash so they're pointless for combos.. best bet for combo making is a phishing attack, sql injection is basically dead only shit sites now and all is hashed really well

[195]

backlinks, mostly done through a phishing attack though big ones passwords are usually hashed really well and really hard to dehash so they're pointless for combos.. best bet for combo making is a phishing attack, sql injection is basically dead only shit sites now and all is hashed really well

Can you please elaborate on  "phishing attack'? Thank you!

[990]

backlinks, mostly done through a phishing attack though big ones passwords are usually hashed really well and really hard to dehash so they're pointless for combos.. best bet for combo making is a phishing attack, sql injection is basically dead only shit sites now and all is hashed really well

Can you please elaborate on  "phishing attack'? Thank you!

so basically theyd gather a list of the staffs emails like everyone who works there and theyd send out a mass attack of like a macro'd word file to run a rat or smthing, then once they have access theyd keep escalating they're privilege's by sending to co-worked and through the network, or for combo making you'd get a huge list of emails from a breach for example and then mass sending fake password request and getting people to enter theyre info through there, like doing it on like a massive scale would get good results