Lab 10
1. Introduction
Blind SQL injection is a very common form of SQL injection attack.
Starting from work on optimizing exploitation of a Blind SQL injection
vulnerability in queries that use the ORDER BY clause, this article covers
methods for exploiting and optimizing Blind SQL injection in general, and
Blind SQL injection vulnerabilities in queries that use the ORDER BY clause
in particular, and offers a new perspective and approach to optimizing this attack.
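Added example, not part of the original lab: a prepared-statement placeholder binds values, not identifiers, so a sort column taken from the request cannot be parameterized and the defensive pattern for ORDER BY is an allowlist. The sketch uses Python's sqlite3 as a stand-in for the lab's MySQL backend; the table, column and function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; an in-memory SQLite table stands in for MySQL.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin", "Smith"), (2, "Gordon", "Brown"), (3, "Pablo", "Picasso")],
    )
    return db

# Allowlist: client-facing sort keys mapped to fixed SQL identifiers.
SORT_COLUMNS = {"id": "user_id", "first": "first_name", "last": "last_name"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}

def list_users_vulnerable(db, sort):
    # Weak form: request text becomes part of the statement, so the
    # database evaluates whatever expression the client supplies.
    query = "SELECT user_id, first_name FROM users ORDER BY " + sort
    return db.execute(query).fetchall()

def list_users_hardened(db, sort="id", direction="asc"):
    # Only identifiers from the fixed maps reach the statement; any other
    # input is rejected before a query is built.
    try:
        column = SORT_COLUMNS[sort]
        order = SORT_DIRECTIONS[direction.lower()]
    except KeyError:
        raise ValueError("unsupported sort option") from None
    query = f"SELECT user_id, first_name FROM users ORDER BY {column} {order}"
    return db.execute(query).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(list_users_hardened(db, "last", "desc"))
    print(list_users_vulnerable(db, "-user_id"))  # client text evaluated as SQL
```
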
2. Preparation
- A computer running the Windows operating system. The firewall on the system
must be disabled.
- The MySQL management software phpMyAdmin:
https://www.phpmyadmin.net/downloads/
- XAMPP, downloaded from the following link:
https://downloadsapachefriends.global.ssl.fastly.net/xampp-files/5.6.31/xampp-win32-5.6.31-0-VC11-installer.exe?from_af=true
- DVWA, downloaded from the following link:
http://www.dvwa.co.uk/
- Software: the Chrome and Firefox 10.0 browsers, 7-Zip, Notepad++.
3. Implementation steps
- Start XAMPP and go to 192.168.100.15/DVWA. Log in with user: admin, pass:
password. Here 192.168.100.15 is the IPv4 address of the machine running DVWA.
- After logging in successfully, select DVWA Security, choose low, and submit.
- Type 1 and submit.