DVWA SQL-Injection


Let's bypass the login and database of the website

How to do SQL Injection

In a SQL injection attack, malicious SQL code is inserted through the website's input fields or at the end of the URL in the address bar. When the application passes that input to its database, the attacker can delete, modify or steal the website's data.

  1. Error-based SQL Injection
  2. Union-based SQL Injection
  3. Blind SQL Injection
  4. Out-of-band SQL Injection

1. Error based

An error-based SQL injection attack intentionally inserts a query that makes the server fetch from the database and show an error. The attacker then takes advantage of the information in that error to learn about the database.

2. Union based

The UNION SQL operator combines the results of two or more SELECT statements into a single result.

3. Blind SQL based

Blind SQL injection is a type of attack in which the attacker sends the database a question-type query that has a yes or no answer, and works out the answer from how the page behaves after the query executes.

4. Out-of-band(OOB) SQL based


💡 In simple words, command injection is performed where the page is executing a command.

Security Low

  1. Open the command injection page on DVWA (also available in Mutillidae)
  2. First, copy and paste the given command to understand what it does.
  3. A command can be injected on this page because the page pings the IP address given here and outputs the result,
  4. And ping is a command, so we can inject any workable command here

admin' or '1=1

Security Medium

Tool needed: Burp Suite

  1. Open Burp Suite and intercept the page
  2. Now replace the id value as in this example

1' or 1=1

Now click on the Forward button

Security High

  1. Set the security mode to High
  2. Now click SQL Injection and then "Click here to change your ID".

1' or 1=1

Now click on the Submit button

Union Based Attack

In this attack, we will learn how tables, columns and values are extracted from the database.

💡 We are currently testing in low security mode. If you want, you can try the medium and high levels by following the examples given above.

Check the total number of columns

Here we intentionally enter a list of column numbers in an ORDER BY clause. If the list contains a number higher than the number of columns the query returns, the database shows an error, so we know there are no more columns than that. In this way we get to know how many columns there are.

abc' ORDER BY 1,2,3 #

  1. Enter the code cybNg' ORDER BY 1,2,3 # in the input box and click the submit button
  2. Now you will see an error like Unknown column '3' in 'order clause'

This error means that the column list you gave (1,2,3) does not match the real number of columns, so you have to keep checking with a different list until the error goes away.

Now check again with only (1,2)

cybNg' ORDER BY 1,2 #

As soon as you check (1,2), you see no error. This means that the query returns 2 columns.

Get table name of database

cybNg' UNION SELECT table_name,null from information_schema.tables WHERE table_schema=database() #

Here we find two tables, named guestbook and users.

Get column name of database

cybNg' UNION SELECT column_name,null from information_schema.columns WHERE table_schema=database() #

Here we find many column names, such as comment_id, comment and name.

Get column values of database

cybNg' UNION SELECT user,password from users #

Here we find the column values, that is, usernames and passwords such as admin and 5f4dcc3b5aa765d61d8327deb882cf99 (an MD5 hash).

💡 You can also use the sqlmap tool for SQL injection.
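
As an added example (not part of the original tutorial and not DVWA's own code), this Python sketch shows why the inputs above change a query built by string concatenation and why a bound parameter stops them. The table, rows and function names are constructed for illustration, and SQLite stands in for DVWA's MySQL database, so inputs that rely on the # comment marker raise a syntax error here instead of running.

```python
import sqlite3

# Constructed sample rows (assumption: a simplified users table).
ROWS = [("1", "admin", "admin"), ("2", "Gordon", "gordonb")]

# Inputs quoted from the tutorial above.
PAGE_INPUTS = [
    "admin' or '1=1",
    "cybNg' ORDER BY 1,2 #",
    "cybNg' UNION SELECT user,password from users #",
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT, first_name TEXT, user TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return db

def lookup_concat(db, user_id):
    """Vulnerable: the input becomes part of the SQL text, so a quote
    character ends the string literal and the rest is parsed as SQL."""
    sql = "SELECT first_name, user FROM users WHERE user_id = '" + user_id + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, user_id):
    """Hardened: the input is bound as a value and never parsed as SQL."""
    sql = "SELECT first_name, user FROM users WHERE user_id = ?"
    return db.execute(sql, (user_id,)).fetchall()

def compare():
    """Return {input: (concat outcome, rows from the bound query)}."""
    db = make_db()
    report = {}
    for value in PAGE_INPUTS:
        try:
            outcome = len(lookup_concat(db, value))
        except sqlite3.Error:
            # The input changed the grammar of the statement itself.
            outcome = "SQL error"
        report[value] = (outcome, lookup_bound(db, value))
    return report

if __name__ == "__main__":
    for value, (concat, bound) in compare().items():
        print(f"{value!r}: concatenated -> {concat}, bound -> {bound}")
```

With the bound query every input from the tutorial is compared against user_id as a plain string, so it matches no row.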
