The search query inurl:pk id=1 is a specialized Google dork used to identify web pages with URL parameters that suggest a primary key (pk) being passed to a database query. This pattern is common in dynamic web applications where pk stands for "primary key" and id=1 is a typical test value.
The search query inurl:pk id 1 is a highly specific Google Dork (or search operator) commonly used by both cybersecurity professionals and malicious actors. It is designed to locate web applications that utilize numeric Primary Keys (PK) in their URL structures and are currently displaying the first record in a database (ID 1).
The primary threat associated with this query is SQL Injection (SQLi) and Insecure Direct Object Reference (IDOR). When developers expose database row identifiers in URLs without proper access controls or parameterized queries, attackers can manipulate the id parameter to extract, modify, or delete unauthorized data.
If a site appears in such a search, it may be vulnerable to: inurl pk id 1
| Vulnerability | Example Impact |
|---------------|----------------|
| SQL Injection | pk=1' OR '1'='1 – dump database contents |
| IDOR | pk=2 – view another user's profile or order |
| Broken Access Control | No server-side re-validation of the pk value |
Let's walk through a hypothetical attack using inurl:pk id 1.
Step 1: Discovery
An attacker goes to Google and types inurl:pk id 1. Google returns 1,200 results. Among them is:
https://www.example-shop.com/view.php?pk=1&id=1 The search query inurl:pk id=1 is a specialized
Step 2: Reconnaissance
The attacker tries to break the query by typing in the browser:
https://www.example-shop.com/view.php?pk=1'&id=1
The server returns:
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version..." If a site appears in such a search,
Bingo. The attacker now knows the site uses MySQL and is vulnerable to injection.
Step 3: Exploitation
The attacker uses a tool like sqlmap or manually crafts a payload to extract data:
?pk=1 UNION SELECT username, password FROM admin_users&id=1
Step 4: Data Breach Within minutes, the attacker has dumped the entire database: customer emails, hashed passwords, credit card numbers, and internal admin credentials.
All because of a simple, indexed URL containing pk id 1.