Kali Linux Web Penetration Testing Cookbook by Gilberto Nájera-Gutiérrez

Step by step basic SQL Injection

We saw in Chapter 4, Finding Vulnerabilities, how to detect an SQL Injection. In this recipe, we will exploit an injection and use it to extract information from the database.

How to do it...

  1. We already know that DVWA is vulnerable to SQL Injection, so let's log in using OWASP-Mantra and go to http://192.168.56.102/dvwa/vulnerabilities/sqli/.
  2. After detecting that an SQLi exists, the next step is to get to know the query, more precisely, the number of columns its result has. Enter any number in the ID box and click Submit.
  3. Now, open the HackBar (hit F9) and click Load URL. The URL in the address bar should now appear in the HackBar.
  4. In the HackBar, we replace the value of the id parameter with 1' order by 1 -- ' and click ...
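
Why the value in step 4 changes the query at all, and what removes the flaw, shown as an added example that is not code from the book or from DVWA: the same lookup written with string concatenation and with a bound parameter. The table layout, function names and the SQLite backend are assumptions made for illustration.

```python
import sqlite3

# Payload quoted in step 4 of the recipe.
PAYLOAD = "1' order by 1 -- '"

def make_db():
    # Constructed stand-in for the application's users table (assumed layout).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "admin", "admin"), (2, "Gordon", "Brown")])
    return db

def lookup_concatenated(db, raw_id):
    # Vulnerable pattern: the request value becomes part of the SQL text, so a
    # quote in it closes the string literal and the rest is parsed as SQL.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = '" + raw_id + "'"
    return sql, db.execute(sql).fetchall()

def lookup_bound(db, raw_id):
    # Hardened pattern: the SQL text is constant; the value travels separately
    # as a bound parameter and is only ever compared as data.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (raw_id,)).fetchall()

def parse_id(raw_id):
    # Second layer: allow-list validation before the value reaches the database.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be a decimal integer")
    return int(raw_id)

if __name__ == "__main__":
    db = make_db()
    sql, rows = lookup_concatenated(db, PAYLOAD)
    print(sql)    # the ORDER BY clause is now part of the statement
    print(rows)   # a row comes back, so the injected clause was executed
    print(lookup_bound(db, PAYLOAD))  # no row: the whole payload is one value
    try:
        parse_id(PAYLOAD)
    except ValueError as exc:
        print("rejected:", exc)
```
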
