Damn Vulnerable Web Application (DVWA) — SQL Injection Walkthrough

Introduction

There is a page with a single text field.

Enter user ID ‘1’ and submit.

A record is returned.

Security Level: Low

Exploitation

Instead of entering valid input like 1, try entering a single quote character and observe the behaviour.

The error message revealed that the database is MariaDB. It also implied that a single quote might lead to SQL…
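
As an added example (not code from the original walkthrough or from DVWA), the sketch below shows why a lone single quote produces a database error when input is concatenated into a quoted SQL string, and how a bound parameter and a generic error message remove both the injection point and the DBMS disclosure. It assumes an in-memory SQLite database standing in for MariaDB; the table, the sample row and all function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data; in-memory SQLite stands in for DVWA's MariaDB.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT, first_name TEXT, last_name TEXT)")
    db.execute("INSERT INTO users VALUES ('1', 'admin', 'admin')")
    return db


def lookup_concat(db, user_id):
    # Vulnerable pattern (assumed, for illustration): the input is pasted
    # inside a quoted string literal, so a stray quote unbalances the statement.
    query = "SELECT first_name, last_name FROM users WHERE user_id = '%s'" % user_id
    return db.execute(query).fetchall()


def lookup_param(db, user_id):
    # Hardened form: the driver binds the value, so it is never parsed as SQL.
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(query, (user_id,)).fetchall()


def handle_request(db, user_id, lookup):
    # Return a generic message instead of echoing the driver error; the raw
    # error text is what disclosed the DBMS in the walkthrough.
    try:
        return {"ok": True, "rows": lookup(db, user_id)}
    except sqlite3.Error:
        return {"ok": False, "rows": [], "message": "Invalid request"}


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "'"):
        print(repr(value),
              handle_request(db, value, lookup_concat),
              handle_request(db, value, lookup_param))
```

With the bound parameter, the single quote is treated as data and simply matches no row, so no error path is reached at all.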

David Tse

Cyber Security Enthusiast | OSCP | OSWE