Home > Others

DVWA Series 2 Low level SQL injection

Source: Internet
Author: User
Tags mysql injection
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Set the security level to on, select SQL injection in the list on the left, and then enter a different number in the User ID text box on the right to display the appropriate user information.

We first need to determine whether the parameters transmitted here are text or digital, enter 3 and 1+2 respectively, and observe that they show inconsistent results, thus judging the type of the parameter is text type.

Click "View Source" in the lower right corner of the page to view the source code, the most important of which is the two lines of statements as shown:

650) this.width=650; "title=" 1.jpg "src=" Http://s2.51cto.com/wyfs02/M01/76/CC/wKiom1Zc5Q7AWd-JAAAZ69R0bxk367.jpg " alt= "Wkiom1zc5q7awd-jaaaz69r0bxk367.jpg"/>

The first line is to get the value passed by the user through the ID parameter and assign the value to the variable ID, the second line is to assign a SELECT statement to the variable $getid,select statement to find the values of the first_name and last_name two fields from the Users table. The condition is that the value of the user_id field matches the value entered by the user.

Here we enter "' or 1=1 #" in the text box to display all the data in the Users table:

650) this.width=650; "title=" 2.jpg "src=" Http://s4.51cto.com/wyfs02/M00/76/CC/wKioL1Zc5ePRL5ZRAADYOesjdu0388.jpg " alt= "Wkiol1zc5eprl5zraadyoesjdu0388.jpg"/>

Insert the statement we entered into the source code:

$getid = "Select First_Name, last_name from users WHERE user_id = ' or 1=1 # '";

For text-type injection, it is important to consider the problem of closing the quotation marks. #是MySQL中的注释符, it disables all subsequent content.

Let's practice the previous manual MySQL injection process.

First Enter ' Union Select # # ' to determine that the number of fields is 2, and that two fields can be queried by substituting parameters.

Enter ' Union Select # # ' to detect that the MySQL version is 5.0 and the current database name is DVWA.

Enter "' Union select table_name,2 from Information_schema.tables where table_schema= ' Dvwa ' #" burst DVWA database with two tables: Guestbook, Users, of whom we are concerned is obviously the users.

Enter "union select column_name,2 from Information_schema.columns where table_name= ' users ' #" to burst the fields in the Users table.

Enter "union select User,password from users #" to burst the user name and password.

This article from "a pot of turbid wine" blog, reproduced please contact the author!

DVWA Series 2 Low level SQL injection

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
low level format ssd low level format tool bootable low level format hdd seagate tx power level high medium or low tx power level high medium or low battlefront 2 level system togaf level 2

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More