“There is no delight in owning anything unshared.”

LAB Testing with DVWA – Part I [SQL Injection Exploitation]

In order to exploit SQL injection vulnerabilities, understanding how query is built is essentials in order to inject our parameter in a situation that the query will remain true.For exampled SQL Injection Tutorials,a text field where it asks for user ID. By entering number 1 and click on the submit button the result will return the first name and the surname of the user with ID=1.

User ID 1

Executed query in the database as below:

[SELECT First_Name,Last_Name FROM users WHERE ID=’1′;]

In order to find the first names and surnames of all the users, lets try to change the ID number on the URL [ =(1,2,3,4) &Submit=Submit#] or the Submit Column to other values.

User ID 4

The next testing is to identify what kind of database is running on the back-end in order to construct the queries accordingly and to extract the information.

Version Identify

The idea is to make the database to respond in a way that it will produce an error message that it will contain the database type and version.[single quote] such as [‘] will force the database to consider any characters that are following the quote as a string to cause a syntax error.The vulnerable parameter id=’ will cause the database to generate an error message as shown in the browser. However, it fails to show it’s version number. Let’s proceed with version findings:

Show Version

UNION statement being used for the identification [union select 1,@@version#]

Running on MySQL Ver: 5.5.27

Beside, we also able to perform hostname discovery with @@hostname statement:


Hostname Discovery via SQL Injection ‘ union select null,@@hostname #

Above Scenario and testing is part of the ideal how SQL Injection is able to discover information and abuse on server with such vulnerabilities, beside a simply statement and version or host discovery, never forget about the in depth damage that possibly can be done. Enjoy the tutorial and sample while always be ethical. 🙂


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s