SQL Injection
This type of attack consists of sending SQL commands through the various entry points of a web application, manipulating the application's business and data logic to gain access to more information, bypass access controls, and more.
So let's use the DVWA page here to test this type of vulnerability.
In this form, when we enter a number, it shows a record.
This leads us to assume that the SQL query used to display this information (which can be confirmed with View Source) is something like:
In this case:
Here the parameters are passed directly into the SQL query. As such, we can always try passing additional SQL commands and observe the results. Let's look at different SQL payloads and see what they return.
This payload modifies the SQL query to the following:
This results in an information leak like the one shown below.
The next injection will result in displaying the version of the MySQL database server.
The next injection will display the username of the user connected to the database server.
The next SQL injection will display the list of tables on the database.
The next injection will display the first name of the user and the password.
The next injection will display the contents of a file inside the system.
As we have seen, there are several ways to do this directly in the web application, without using any additional tool.
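To show the root cause and the fix side by side, here is an added example that is not part of the original page or of DVWA: a lookup that concatenates the id into the query, next to the same lookup with a bound parameter and an integer check. The table layout and the rows are constructed here and only stand in for DVWA's users table.

```python
import sqlite3

# Constructed sample rows standing in for DVWA's users table (assumption).
SAMPLE_USERS = [
    (1, "admin", "admin"),
    (2, "gordonb", "Gordon"),
    (3, "1337", "Hack"),
]


def make_db():
    """In-memory SQLite database with an assumed users(user_id, first_name, last_name) schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, user_input):
    """String concatenation: the input becomes part of the SQL text itself,
    so anything that parses as SQL changes the WHERE clause."""
    query = f"SELECT first_name, last_name FROM users WHERE user_id = {user_input}"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, user_input):
    """Placeholder binding: the input is sent as a value and is never parsed
    as SQL, so the WHERE clause stays exactly as written."""
    return conn.execute(
        "SELECT first_name, last_name FROM users WHERE user_id = ?", (user_input,)
    ).fetchall()


def is_valid_id(user_input):
    """Defence in depth: the form only ever sends a numeric id, so reject
    anything else before it reaches the database layer."""
    return user_input.isdigit()


def lookup_validated(conn, user_input):
    """Validation plus a bound parameter; this is the form the handler should take."""
    if not is_valid_id(user_input):
        raise ValueError("user_id must be a positive integer")
    return lookup_parameterized(conn, int(user_input))
```

With the concatenated query, an input such as `1 OR 1=1` returns every row; the bound parameter is compared as a single value and matches nothing, and the validated handler rejects it before any query runs.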