SQL Injection - II - Noah J Franklin

Technical Blog

SQL Injection - II

Steps to install VMware and DVWA: http://noahfranklin.blogspot.in/2015/06/how-to-setup-web-application-pentesting.html

Open DVWA, select the SQL Injection tab, perform the SQL injection attack and collect the users' information.

Enter 1 and submit, then look at the response the database sends back to the browser: it shows that ID 1 belongs to the admin account.

Increase the number to 2, 3, 4 and so on (in the picture below it is 5) and look at the database's response: it shows that ID 5 belongs to Bob.

Type 6 and submit; the response shows that ID 6 does not belong to anyone.

Enter a single quote ( ' ) on the right-hand side (next to id=1).
Ex: localhost/dvwa/vulnerabilities/sqli/?id=1'

Type order by 1-- in the browser's address bar and hit Enter.
The ORDER BY clause sorts the records in your result set and can only be used in SELECT statements. We need to find how many columns the page's query returns: increase to order by 2-- and so on until we get an error message such as Unknown column in 'order clause'.

Note that each SELECT statement within a UNION must have the same number of columns, the columns must have similar data types, and the columns in each SELECT must be in the same order. Use union all select 1,2-- because the query behind this page returns only 2 columns.
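To see why the quote, ORDER BY and UNION probes above behave as they do, here is an added example (not code from the page or from DVWA) that rebuilds the id lookup in Python over an in-memory SQLite table of constructed users, runs the page's probes against a string-concatenated query and against a parameterized one, and shows that only the concatenated form lets them reach the database. The table contents, the `lookup_*` / `probe` names and the unquoted `id` in the query are assumptions.

```python
import sqlite3

# Constructed sample data shaped like a DVWA users table (id, first_name, last_name);
# an assumption for this example, not DVWA's real schema or rows.
SAMPLE_USERS = [(1, "admin", "admin"), (2, "Gordon", "Brown"), (5, "Bob", "Smith")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_concat(conn, user_id):
    """Vulnerable form: the id is pasted into the SQL text, so a stray quote
    breaks the statement and 'order by' / 'union all select' become SQL."""
    sql = f"SELECT first_name, last_name FROM users WHERE id = {user_id}"
    return conn.execute(sql).fetchall()


def lookup_param(conn, user_id):
    """Hardened form: accept only a plain integer and bind it as a parameter,
    so the value is data for the WHERE clause and is never parsed as SQL."""
    if not str(user_id).isdigit():
        raise ValueError("id must be a positive integer")
    sql = "SELECT first_name, last_name FROM users WHERE id = ?"
    return conn.execute(sql, (int(user_id),)).fetchall()


def probe(conn, lookup, payload):
    """Run one probe and report either the rows returned or the error class:
    the same signal the browser shows and that an error log records."""
    try:
        return {"rows": lookup(conn, payload)}
    except (sqlite3.Error, ValueError) as exc:
        return {"error": type(exc).__name__}


if __name__ == "__main__":
    db = make_db()
    # The page's steps: valid ids, a missing id, the quote test, ORDER BY and UNION.
    for payload in ("1", "5", "6", "1'", "1 order by 2--", "1 order by 3--",
                    "1 union all select 1,2--"):
        print(f"{payload!r:28} concat={probe(db, lookup_concat, payload)}"
              f"  param={probe(db, lookup_param, payload)}")
```

With the concatenated query, `1 order by 3--` fails because the SELECT has only two columns, and `1 union all select 1,2--` appends the row (1, 2), which is how the column count is confirmed; the parameterized lookup rejects both before any SQL runs.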

To check the version of the SQL server, use @@version.
To check which database this website uses, use database().

To list the table names present on this website, select table_name from information_schema.tables.
table_name is the standard column name in SQL that holds a table's name.

INFORMATION_SCHEMA is the information database, the place that stores information about all the other databases that the MySQL server maintains. Inside INFORMATION_SCHEMA there are several read-only tables. They are actually views, not base tables, so there are no files associated with them, and you cannot set triggers on them. Also, there is no database directory with that name.

Although you can select INFORMATION_SCHEMA as the default database with a USE statement, you can only read the contents of tables, not perform INSERT, UPDATE, or DELETE operations on them.

In the same way, for columns select column_name from information_schema.columns.

To list the columns of one particular table, select column_name where table_name='<table name>'.

Passwords are stored as MD5 hashes (MD5 is a hash, not encryption, so they are looked up rather than decrypted); to look them up use http://www.md5decrypter.co.uk/