Saturday, May 27, 2023

Learning Web Pentesting With DVWA Part 2: SQL Injection

In the last article, Learning Web Pentesting With DVWA Part 1: Installation, you were given a glimpse of SQL injection when we installed the DVWA app. In this article we will explain what we did at the end of that article and much more.
Let's start by defining what SQL injection is. OWASP defines it as: "A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands."
This basically means that we can use a simple (vulnerable) input field in our web application to get information from the database of the server which hosts the web application. At certain times we can even command and control the database of the web application, or the server itself.
In this article we are going to perform a SQL injection attack on DVWA, so let's jump in. On the DVWA welcome page, click on the SQL Injection navigation link. We are presented with a page with an input field for User ID.
Now let's try to input a value like 1 in the input field. We can see a response from the server telling us the first name and surname of the user associated with User ID 1.
If we enter a user ID which doesn't exist, we get no data back from the server. To determine whether an input field is vulnerable to SQL injection, we start by sending a single quote (') as input, which returns an SQL error.
We saw this in the previous article, where we also talked about the injection point. Before diving deeper into how this vulnerability can be exploited, let's try to understand how this error might have occurred by building the SQL query that the server might be trying to execute. Say the query looks something like this:
SELECT first_name, sur_name FROM users WHERE user_id = '1';
The 1 in this query is the value supplied by the user in the User ID input field. When we input a single quote in the User ID input field, the query looks like this:
SELECT first_name, sur_name FROM users WHERE user_id = '''; 
The quotes around the input provided in the User ID input field are from the server side application code. The error is due to the extra single quote present in the query. Now if we specify a comment after the single quote like this:
'-- -
or
'#
we should get no error. Now our crafted query looks like this:
SELECT first_name, sur_name FROM users WHERE user_id = ''-- -'; 
or
SELECT first_name, sur_name FROM users WHERE user_id = ''#'; 
Since everything after the # or -- - is commented out, the query will ignore the extra single quote added by the server-side app and whatever comes after it, and will not generate any error. However, the query returns nothing because we specified nothing ('') as the user_id.
After knowing how things might be working on the server side, we will start to attack the application.
First of all we will determine the number of columns that the query outputs, because if we inject a query which outputs more or fewer columns than the original query does, our query will produce an error. So we first figure out the exact number of columns that the query outputs, and we do that with the help of the ORDER BY SQL clause, like this:
' order by 1-- - 
The MySQL server might execute the query as:
SELECT first_name, sur_name FROM users WHERE user_id = '' order by 1-- -'; 
You get the idea now.
If we don't get any error message, we increase the number to 2, like this:
' order by 2-- - 
Still no error message, so let's add another:
' order by 3-- - 
And there we go, we have an error message. This tells us that the number of columns the server query selects is 2, because it errored out at 3.
Now let's use the UNION SELECT SQL statement to get information about the database itself.
' union select null, version()-- - 
You should first understand what a UNION SELECT statement does; only then can you understand what we are doing here. You can read about it in the MySQL UNION reference listed at the end of this article.
We have used null as one column since we need to match the number of columns from the server query, which is two. null acts as a dummy column here which gives no output, and the second column, which in our case is the version() function, outputs the database version. Notice the output from the application: nothing is shown for First name since we specified null for it, and the MariaDB version is displayed in Surname.
Now let's check who the database user is, using the user() function of MariaDB:
' union select null, user()-- - 
After clicking the submit button you should be able to see the user of the database in surname.

Now let's get some information about the databases on the server.
Let's determine the names of the databases from INFORMATION_SCHEMA.SCHEMATA by entering the following input in the User ID field:
' union select null, SCHEMA_NAME from INFORMATION_SCHEMA.SCHEMATA-- - 
This lists two databases: dvwa and information_schema. information_schema is the built-in database. Let's look at the dvwa database.
Get the table names for the dvwa database from INFORMATION_SCHEMA.TABLES:
' union select null, TABLE_NAME from INFORMATION_SCHEMA.TABLES-- - 
It gives a huge number of tables that are present in the dvwa database. But what we are really interested in is the users table, as it is most likely to contain user passwords. First we need to determine the columns of that table, and we will do that by querying INFORMATION_SCHEMA.COLUMNS like this:
' union select null, COLUMN_NAME from INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 'users'-- - 

We can see the password column in the output. Now let's get those passwords:
' union select user, password from users-- - 
Of course, those are hashes and not plain text passwords. You need to crack them.
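Every input above works because the server splices the User ID value into the SQL text. The following added example (not DVWA's code and not from the original article) runs the article's inputs against a string-concatenated lookup and against a bound-parameter lookup. It assumes an in-memory SQLite database standing in for MariaDB, constructed sample rows, and the table and column names from the article's guessed query.

```python
import sqlite3

# Constructed sample rows; table and column names follow the article's guessed query.
ROWS = [("1", "admin", "admin", "admin", "<constructed-hash-1>"),
        ("2", "Gordon", "Brown", "gordonb", "<constructed-hash-2>")]

# Inputs taken from the article, plus one legitimate value.
PROBES = ["1", "'", "'-- -", "' order by 3-- -",
          "' union select user, password from users-- -"]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT, first_name TEXT, "
               "sur_name TEXT, user TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?)", ROWS)
    return db


def lookup_concat(db, user_id):
    """Vulnerable: user input is spliced into the SQL text."""
    sql = ("SELECT first_name, sur_name FROM users "
           "WHERE user_id = '" + user_id + "';")
    return db.execute(sql).fetchall()


def lookup_bound(db, user_id):
    """Hardened: input is passed as a bound parameter, never parsed as SQL."""
    sql = "SELECT first_name, sur_name FROM users WHERE user_id = ?"
    return db.execute(sql, (user_id,)).fetchall()


def run(lookup, value):
    """Return ('rows', [...]) or ('error', message) for one input."""
    db = make_db()
    try:
        return ("rows", sorted(lookup(db, value)))
    except sqlite3.Error as exc:
        return ("error", str(exc))


def compare():
    """Map each probe to (vulnerable outcome, hardened outcome)."""
    return {p: (run(lookup_concat, p), run(lookup_bound, p)) for p in PROBES}


if __name__ == "__main__":
    for probe, (weak, safe) in compare().items():
        print(f"{probe!r:50} concat={weak} bound={safe}")
```

With the bound parameter, every probe is compared as a literal user_id value, so the quote, the ORDER BY probe and the UNION all return no rows and raise no error.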
Hope you learned something about SQL injection in this article. See you next time.

References:

1. SQL Injection: https://owasp.org/www-community/attacks/SQL_Injection
2. MySQL UNION: https://www.mysqltutorial.org/sql-union-mysql.aspx
3. Chapter 25 INFORMATION_SCHEMA Tables: https://dev.mysql.com/doc/refman/8.0/en/information-schema.html