This whole week, I worked on the different ways to attack on a website to
get to their database. I did this using SQL injection, I have known about SQL
injection from a long time now but I never got an opportunity use them on live
website (as using them on a website is illegal). But I found out some websites
which allows user to test their skills. I performed the injections on my favorite
'dvwa'.
The first attack I performed on the low security level of dvwa and it is very is easy to find out that the web app is vulnerable, By just putting a small '(quote) in the input field and hitting the submit button, I found out that the app runs on a MYSQL server and then I decided my further steps to penetrate the app.
I first found out number of column present in the database. I did this using the ‘order by’ luckily it just took me three tries to find out the exact number of columns as it is 3. Now I found out the database and the version of database. The version of database was above 5.6.1 so I could use the usual ‘union based injection’ on this web app.
Using the union command of SQL and a single quote I found out the names of tables and columns in the database and then, I got access to the table where the usernames and passwords were stored
The first attack I performed on the low security level of dvwa and it is very is easy to find out that the web app is vulnerable, By just putting a small '(quote) in the input field and hitting the submit button, I found out that the app runs on a MYSQL server and then I decided my further steps to penetrate the app.
I first found out number of column present in the database. I did this using the ‘order by’ luckily it just took me three tries to find out the exact number of columns as it is 3. Now I found out the database and the version of database. The version of database was above 5.6.1 so I could use the usual ‘union based injection’ on this web app.
Using the union command of SQL and a single quote I found out the names of tables and columns in the database and then, I got access to the table where the usernames and passwords were stored
Post a Comment