
AIM: Learn to Use Manual SQL Injection Using DVWA

This document provides instructions for performing SQL injection on a vulnerable web application. It explains how to exploit vulnerabilities in the application's SQL queries by entering special characters and strings into input fields. This allows retrieving all data from a table without a matching user ID, and discovering the database version number by appending a UNION query. The goal is to learn how SQL injection works by experimenting with these techniques on a non-production system.

Uploaded by

Mehul

130470105017 PRACTICAL N

AIM: Learn to use manual SQL injection using DVWA.

SOLUTION:
SQL Injection Menu

Instructions:
Select "SQL Injection" from the left navigation menu.

Basic Injection

Instructions:
Input "1" into the text box.
Click Submit.
Note: the webpage/code is supposed to print ID, First name, and Surname to the screen.
Notes(FYI):
Below is the PHP select statement that we will be exploiting, specifically $id.
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id'";

Always True Scenario

Instructions:
Input the below text into the User ID Textbox (See Picture).
%' or '0'='0
Click Submit
Notes(FYI):
In this scenario, we are saying: display all records that are false and all records that are true.
%' - Will probably not be equal to anything, and will be false.
'0'='0' - Is equal to true, because 0 will always equal 0.
Database Statement
mysql> SELECT first_name, last_name FROM users WHERE user_id = '%' or '0'='0';
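
The same query pattern with and without the flaw, as an added example that is not part of the original practical. It assumes an in-memory SQLite table standing in for DVWA's MySQL users table; the rows and the function names are constructed for illustration.

```python
import sqlite3

# The always-true string from the page, used here only as test input.
PAYLOAD = "%' or '0'='0"


def make_db():
    """In-memory stand-in for the users table (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id TEXT, first_name TEXT, last_name TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("1", "Alice", "Admin"), ("2", "Bob", "Builder"), ("3", "Carol", "Clerk")],
    )
    return conn


def lookup_concatenated(conn, user_id):
    """Same pattern as the page's $getid: the input is pasted into the SQL text."""
    query = (
        "SELECT first_name, last_name FROM users WHERE user_id = '"
        + user_id + "'"
    )
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, user_id):
    """The input is bound as a value, so its quotes are never parsed as SQL."""
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(query, (user_id,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    for label, fn in (("concatenated", lookup_concatenated),
                      ("parameterized", lookup_parameterized)):
        print(label, "id=1     ->", fn(conn, "1"))
        print(label, "payload  ->", fn(conn, PAYLOAD))
```

With the concatenated query the input changes the WHERE clause and every row comes back; with the bound parameter the same string is compared as a literal user_id and matches nothing.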

Display Database Version

Instructions:
Input the below text into the User ID Textbox (See Picture).
%' or 0=0 union select null, version() #
Click Submit
Notes(FYI):
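Notice in the last displayed line, 5.1.60 is displayed in the surname.
This is the version of the MySQL database.
The UNION appends a second SELECT whose two columns (null, version()) line up with first_name and last_name, and # comments out the closing quote that the PHP code adds.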