Professional Documents
Culture Documents
Objective:
(i) To Study about SQL Injection
(ii) And to Perform SQL Injection in DVWA
Software Used: Here, we are using DVWA (Damn Vulnerable Web App)
it is an open source PHP/MySQL web application. Its main goal is to be an aid for
the security professionals to test their skills and tools in a legal environment. It
helps web developers better understand the processes of securing the web
applications.
Procedure: In this we will inject always true SQL statements into SQL
injection User ID field with security set to low.
1. Open Kali Linux as root user, set the network configurations.
2. Start Firefox, type this IP : (http:// 10.9.3.146/dvwa/vulnerabilities) in the
address bar.
3. Type in Username: admin Password: password click Login in the DVWA
login page.
4. Click DVWA security at left corner below, select the security to low click
submit button.
5. There will be a User ID: field, now type in 2 and click submit see what
happened.
Note, webpage/code is supposed to print ID, First name, and Surname to screen,
$getid= select first_name,last_name from users where user_id=$id ;
6. Always True scenario: Input the text below into the User ID textbox.
% OR 0=0 and click submit.
In this case, we are saying display all records that are false and all records that are
true. % will probably not be equal to anything, and will be false. Whereas
0=0 is true always.
7. Display Database Version: Input the below text into the User ID Textbox
%' or 0=0 union select null, version() #
Click Submit
8. Display Database User: Input the below text into the User ID Textbox
%' or 0=0 union select null, user() #
Notice in the last displayed line, root@localhost is displayed in the surname.
9. Display Database Name: Input the below text into the User ID Textbox
%' or 0=0 union select null, database() #
10. Display all tables in information_scheme: Input the below text into the User
ID Textbox.
%' and 1=0 union select null, table_name from information_schema.tables #
Click Submit Notes(FYI):
11. Display all the columns fields in the information_schema user table:
Input the below text into the User ID Textbox
%' and 1=0 union select null, table_name from information_schema.tables where
table_name like 'user%'#
Click Submit
Conclusion: