The Damn Vulnerable Web Application (DVWA) is a popular web application designed to help security professionals and enthusiasts practice their skills in a legal and controlled environment. This repository specifically focuses on SQL Injection vulnerabilities, providing detailed explanations and step-by-step solutions for each challenge level.
Welcome to the repository containing comprehensive solutions for SQL Injection vulnerabilities in the Damn Vulnerable Web Application (DVWA). This repository is curated and maintained by Nihar Rathod, also known as Bugbot19, a seasoned security researcher and ethical hacker.
Repository Contents
Low-Level Solutions: Detailed walkthroughs for exploiting SQL Injection vulnerabilities at the 'Low' security level of DVWA. These solutions demonstrate basic techniques and concepts for beginners.
Medium-Level Solutions: Comprehensive solutions for the 'Medium' security level, showcasing intermediate techniques and methods to bypass slightly more complex protections.
High-Level Solutions: Advanced SQL Injection techniques and solutions for the 'High' security level, aimed at overcoming sophisticated security mechanisms.
First, we try to understand how the application works by entering 1 in the textbox.
We can observe that it returns the details of user ID 1.
Now we will try to get the details of all users with a simple but effective payload, i.e. ' or 1=1#
Next, we will try to get information about the tables, such as table_name.
We will inject ' union select table_name,null from information_schema.tables#
We can notice that there are many table names, and one of them is users.
There is a good chance that the users table contains credentials. Now we will go through the column names, because they tell us which columns the credentials are stored in, so the payload looks like this: ' union select column_name,null from information_schema.columns where table_name='users'#
We can observe from the above that column names such as id, login, password have a high chance of containing credentials, so we will use the final payload to get all the details: ' UNION select user,password from users#
We have found out the username and password of many users
We have the final payload: Union select user,password from users#
This will work on both the medium and hard levels; we just need to find the parameter to inject into. This level will be performed with the help of Burp Suite.
First, intercept the request.
We will use the id parameter to inject the SQLi. The payload will be the same, i.e. 1 UNION select user,password from users#
Now click on Forward. We can observe that we have all the credentials.
We have the final payload: Union select user,password from users#
This will work on both the medium and hard levels; we just need to find the parameter to inject into. This level will be performed with the help of Burp Suite.
Click on "here to change the id". After clicking, a different prompt will appear.
Try to insert the same payload, i.e. ' Union Select user,password from users#
Click on Submit and check the first prompt: all the user credentials are displayed.
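The contrast behind all three levels, as an added example that is not part of the original repository: the page's payloads are run against a lookup built by string concatenation (quoted, as the ' payloads imply, and unquoted, as the medium payload implies) and against the same lookup with a bound parameter. It assumes SQLite in place of DVWA's MySQL, so the trailing # comment becomes --; the table rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows standing in for the users table (not real DVWA data).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, "
               "last_name TEXT, user TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?,?,?,?,?)", [
        (1, "admin", "admin", "admin", "hash-placeholder-1"),
        (2, "Alice", "Example", "alice", "hash-placeholder-2"),
    ])
    return db

def lookup_quoted(db, user_id):
    # Vulnerable: input is concatenated inside quotes, so a ' ends the string.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = '%s'" % user_id
    return db.execute(sql).fetchall()

def lookup_numeric(db, user_id):
    # Vulnerable: input is concatenated unquoted, so no ' is needed at all.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = %s" % user_id
    return db.execute(sql).fetchall()

def lookup_safe(db, user_id):
    # Hardened: the value is bound as data and is never parsed as SQL.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (user_id,)).fetchall()

# The page's payloads, with MySQL's '#' replaced by SQLite's '-- ' (assumption).
PAYLOADS = {
    "tautology": "' or 1=1-- ",
    "union_quoted": "' UNION select user,password from users-- ",
    "union_numeric": "1 UNION select user,password from users-- ",
}

if __name__ == "__main__":
    db = make_db()
    print("normal lookup:", lookup_quoted(db, "1"))
    for name, payload in PAYLOADS.items():
        vulnerable = lookup_numeric if name == "union_numeric" else lookup_quoted
        print(name, "| concatenated:", vulnerable(db, payload),
              "| bound:", lookup_safe(db, payload))
```

With the bound parameter every payload is compared as a plain string against user_id and matches no row, while a legitimate id still returns its record.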