Lab - Manual SQL Injection
Lab - Manual SQL Injection
I. INSTRUCTION:
1. Follow the instruction from PDF attachment, but do not submit it.
2. Submit this Word document!
2. DVWA
Could you do the SQL injection successfully with “Medium” or “High” DVWA
Security level? Please explain.
It cannot be done because the device already has an input check step, so it
cannot have special characters like %,@,...
Display all the columns field contents in the information_schema user table
(III.10) (screen capture).
3. PASSWORD DECRYPTION
ID: %' or 0=0 union select null, version() #
First name:
Surname: 5.0.51a-3ubuntu5