DVWA: Check SQLi vulnerability
Berikut ini kita akan menggunakan DVWA SQLi. Siapkan DVWA:
- Browse ke DVWA http://192.168.0.100/DVWA-1.9/security.php
- Set Low > Submit
- Masuk ke http://192.168.0.100/DVWA-1.9/vulnerabilities/sqli/
Untuk mencek SQLi vulnerability, seorang hacking kadang menyelipkan perintah berikut.
1' or '0'='0 1' or '1'='1 1' or '2'='2 1' or '3'='3 1' or '4'='4 %' or '0'='0
Deteksi SNORT
snort rules untuk mendeteksi
alert tcp any any -> 192.168.0.100 80 (msg:"0'='0"; content:"0%27%3D%270"; nocase; classtype:web-application-attack; sid:1000023;) alert tcp any any -> 192.168.0.100 80 (msg:"1'='1"; content:"1%27%3D%271"; nocase; classtype:web-application-attack; sid:1000024;) alert tcp any any -> 192.168.0.100 80 (msg:"2'='2"; content:"2%27%3D%272"; nocase; classtype:web-application-attack; sid:1000025;) alert tcp any any -> 192.168.0.100 80 (msg:"3'='3"; content:"3%27%3D%273"; nocase; classtype:web-application-attack; sid:1000026;) alert tcp any any -> 192.168.0.100 80 (msg:"4'='4"; content:"4%27%3D%274"; nocase; classtype:web-application-attack; sid:1000027;) alert tcp any any -> 192.168.0.100 80 (msg:"5'='5"; content:"5%27%3D%275"; nocase; classtype:web-application-attack; sid:1000028;) alert tcp any any -> 192.168.0.100 80 (msg:"6'='6"; content:"6%27%3D%276"; nocase; classtype:web-application-attack; sid:1000029;) alert tcp any any -> 192.168.0.100 80 (msg:"7'='7"; content:"7%27%3D%277"; nocase; classtype:web-application-attack; sid:1000030;) alert tcp any any -> 192.168.0.100 80 (msg:"8'='8"; content:"8%27%3D%278"; nocase; classtype:web-application-attack; sid:1000031;) alert tcp any any -> 192.168.0.100 80 (msg:"9'='9"; content:"9%27%3D%279"; nocase; classtype:web-application-attack; sid:1000032;)