Tuesday, 23 December 2014

Step-by-Step SQL Injection with DVWA (With Pictures): Security = Low, Medium, High

-> DVWA - Damn Vulnerable Web Application 

-> Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. 



-> What is SQL injection?

-> SQL injection is a code injection technique that exploits a security vulnerability in an application's software. This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., copy/dump the database contents to the attacker).

-> The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or user input is not strongly typed and is unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL or other database.

Now let's start the practical part:

 DVWA (Windows)

-> I'm using XAMPP for Apache (server) -> log in to DVWA (address - 127.0.0.1 (localhost))








-> After logging in, go to the DVWA Security option, set the security level to low and click "Submit"






-> Now select SQL Injection:
-> Type 1 and submit:



-> Type 2 and submit: what we get back is the ID, first name and surname



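-> Now let's see the source code for low security
// The id parameter is taken from the URL without any validation
$id = $_GET['id'];

// The raw input is placed directly between the quotes of the SQL string
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id'";
// On failure the MySQL error text is printed back to the browser
$result = mysql_query($getid) or die('<pre>' . mysql_error() . '</pre>' );

$num = mysql_numrows($result);

$i = 0;

(We can see it is a very simple query without any security, so we can easily break it.)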




-> As we know, the usual way to check for a SQL vulnerability is to submit a single quote, such as 1' (e.g. php?id=1')


-> Error msg -> You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1''' at line 1


Hahaha -> so simple; now we can recognize that the page is vulnerable to SQL injection






-> Now simply write this in the text box --->  1' or '1' = '1    then click "Submit"



-> Now we can see that we get all the records stored in the users table of the current database
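
Why the concatenated query returns every row while a bound parameter does not, as an added example (not DVWA's code and not part of the original post). It uses Python's sqlite3 with a constructed users table as a stand-in for the PHP/MySQL setup; all function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed stand-in for DVWA's users table (sample rows, not real data).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users "
               "(user_id INTEGER, first_name TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "Alice", "Admin"), (2, "Bob", "Brown"),
                    (3, "Carol", "Clark")])
    return db

def lookup_concatenated(db, user_input):
    # Same shape as the low-security source: the input is pasted between
    # the quotes, so a quote in the input ends the string literal early.
    query = ("SELECT first_name, last_name FROM users "
             "WHERE user_id = '" + user_input + "'")
    return db.execute(query).fetchall()

def lookup_parameterized(db, user_input):
    # Placeholder binding: the value travels separately from the SQL text
    # and is only ever compared as data, never parsed as SQL.
    return db.execute(
        "SELECT first_name, last_name FROM users WHERE user_id = ?",
        (user_input,)).fetchall()

def lookup_typed(db, user_input):
    # Strong typing on top of binding: only a plain integer id is accepted.
    if not (user_input.isascii() and user_input.isdigit()):
        raise ValueError("user_id must be a non-negative integer")
    return lookup_parameterized(db, int(user_input))

if __name__ == "__main__":
    db = make_db()
    payload = "1' or '1' = '1"  # the input used in this walkthrough
    print("concatenated, id=1    :", lookup_concatenated(db, "1"))
    print("concatenated, payload :", lookup_concatenated(db, payload))
    print("parameterized, payload:", lookup_parameterized(db, payload))
    try:
        lookup_typed(db, payload)
    except ValueError as exc:
        print("typed, payload        : rejected,", exc)
```

In PHP the equivalent fix is a prepared statement (PDO or mysqli) with the id bound as a parameter, plus an integer check on the input.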





->  Now set DVWA security to Medium






-> Let's check the source code first
-> In the source code --->  $id = mysql_real_escape_string($id);
-> We can say the developer has added some protection against SQL injection here




-> As above, write 1' in the text box and click "Submit"

-> In medium security the error is different from the one in low security

-> You can also google this error to understand it better





-> Now the real task begins...
-> I'm using the Tamper add-on here for tampering with the data... you can download it from the add-ons shop (Mozilla Firefox)




-> At the time of submitting the value, I'm using Tamper




-> Now I'm using sqlmap
-> You can download sqlmap from  --->>>  http://sqlmap.org/
-> For sqlmap you need Python    --->>>  https://www.python.org/downloads/

-> In sqlmap, copy the URL and paste it after the  -u ".."  option
  



 -> Now copy the cookies from Tamper and paste them after the  --cookie=".."  option


--> We want the list of databases, so we are using the --dbs option





-> After hitting Enter we get details about the OS, web server, back-end DBMS and web application technology

-> We also get all the databases stored on the DBMS




-> For the current database, use the  --current-db  option at the end of the command




-->  dvwa is our current database ...





--> Now we want all the tables contained in the current database,
      so I'm using    -D dvwa --tables    at the end of the command


-> From the current database we get 2 tables:
      1> guestbook
      2> users




--> Now, for the columns of a particular table, use   -T (table name) --columns
--> I'm doing this on the "users" table




--> See, I get all the columns of the users table along with their types





--> Now I want to copy/dump all the data contained in the users table

--> So I'm using   -T users --dump


--> See, I got all the data, and sqlmap also stores all of it on your system drive in the 'D:\ \users\name\.sqlmap\output\127.0.0.1' folder in CSV format.
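
From the defender's side, both the manual quote test and the sqlmap run show up in the web server's access log. The following added example (not from the original post) scans constructed Apache combined-format log lines; the DVWA request path, the log values and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache "combined" log lines. The request path, timestamps and
# user-agent strings are assumptions made up for this example.
UA_FF = "Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101 Firefox/34.0"
UA_SQLMAP = "sqlmap/1.0-dev (http://sqlmap.org)"
PATH = "/dvwa/vulnerabilities/sqli/"

def log_line(query, agent):
    return ('127.0.0.1 - - [23/Dec/2014:10:01:02 +0000] "GET %s?%s HTTP/1.1" '
            '200 4821 "-" "%s"' % (PATH, query, agent))

SAMPLE_LOG = [
    log_line("id=1&Submit=Submit", UA_FF),                         # normal use
    log_line("id=1%27&Submit=Submit", UA_FF),                      # quote test
    log_line("id=1%27+or+%271%27+%3D+%271&Submit=Submit", UA_FF),  # low-level input
    log_line("id=1&Submit=Submit", UA_SQLMAP),                     # automated tool
]

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ '
    r'"[^"]*" "([^"]*)"$')

def findings(lines):
    """Return (line_number, reasons) for every suspicious request."""
    out = []
    for number, line in enumerate(lines, 1):
        match = LINE_RE.match(line)
        if not match:
            continue
        _ip, _method, target, _status, agent = match.groups()
        reasons = []
        # parse_qs URL-decodes the values, so %27 is seen as a quote.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in params.get("id", []):
            # The id is a numeric key; anything else is not normal traffic.
            if not (value.isascii() and value.isdigit()):
                reasons.append("non-numeric id")
        if "sqlmap" in agent.lower():
            reasons.append("sqlmap user-agent")
        if reasons:
            out.append((number, reasons))
    return out

if __name__ == "__main__":
    for number, reasons in findings(SAMPLE_LOG):
        print("line %d: %s" % (number, ", ".join(reasons)))
```

The User-Agent header is set by the client, so treat that check as a hint only; the non-numeric id check is the stronger signal.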


Try the same technique on high security and tell me what the output is, and whether it is possible to get the data the same way as on medium security or not!



5 comments:

  1. Very good tutorial , I give you 95%, I needed to see for high level

  2. A great content material as well as great layout. Your website deserves all of the positive feedback it’s been getting. I will be back soon for further quality contents. Salesflow
