
How to practice SQL injection using bWAPP?

SQL injection is a method in which an attacker tricks a query into being used for something other than what the original programmer intended, which gives the attacker access to query the database.

In SQL injection, there are three categories:

  • In-band SQLi
  • Out-of-band SQLi
  • Inferential (blind) SQLi

I am not going to waste time describing each one; there are plenty of articles and videos available on YouTube where you can learn about each of the categories in depth. This blog will describe how to perform SQL injection in bWAPP or any other web-based, vulnerable application.

bWAPP has most of the latest attacks; that's the only reason I considered this buggy web application platform. Without further ado, let us begin practicing.

If you have already learned SQL injection, this blog will be easy for you. I chose SQL injection (GET/Search) from the bWAPP option selection.

1. The first step is to find out how many columns are present in the query. To do that, use an ORDER BY clause with a column number.

' ORDER BY 1 -- -
' ORDER BY 2 -- -

Increase the number until the database shows an error. In my case, the total number of columns is 7. See the image below for reference.


2. Now you need to find out the database name; to do that, execute the query below in the search box.

' UNION ALL SELECT 1, database(), 3,4,5,6,7 -- -

In my case, after executing the query, the database name bWAPP is shown at the end of the list.

3. Now you need to find out the table names inside the bWAPP database. To do that, select table_name from information_schema.tables. Execute the query below to find out the table names:

' union all select 1,table_name,3,4,5,6,7 from information_schema.tables where table_schema=database() -- -

Please see the image below for reference.


As you can see in the above image, the table name users is shown at the bottom of the list. If you want to see only the table names that are present in the bWAPP database, use the query below.

m' union all select 1,table_name,3,4,5,6,7 from information_schema.tables where table_schema=database() -- -


After executing the above query, we get exactly the table names that are present in the bWAPP database.

4. The next step is to explore the users table and find out its columns. For that, we will use the above query, only changing table_name to column_name and adding the table name to the WHERE clause. Just execute the query below.

m' union all select 1,column_name,3,4,5,6,7 from information_schema.columns where table_name='users' and table_schema=database() -- -


In the above image, you can see the output of the column query. We found nine rows for the users table.

5. In the list of columns, you can see that login, password, and secret are also available. So let's explore them all by using the query below:

m' union all select 1,login,password,secret,5,6,7 from users -- -0


Finally, we have the last two records in the users table. The bee password is shown as a hash value. Now you can use tools like John the Ripper or another password cracking tool to retrieve the hash value in a text file.
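The requests produced by steps 1 to 5 leave recognizable traces in web server access logs. The detection sketch below is an added example, not part of the original post; the log lines, the /search.php path and the client addresses are constructed, and the stage names are labels chosen here.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Signatures derived from the payloads in steps 1 to 5 (stage names are labels chosen here).
STAGES = [
    ("column-count probe", re.compile(r"'\s*order\s+by\s+\d+", re.I)),
    ("schema enumeration", re.compile(r"information_schema\.(tables|columns)", re.I)),
    ("union extraction", re.compile(r"union\s+(all\s+)?select", re.I)),
]
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines; path, addresses, times and sizes are made up.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /search.php?title=iron&action=search HTTP/1.1" 200 1532',
    '203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "GET /search.php?title=%27+ORDER+BY+8+--+-&action=search HTTP/1.1" 200 410',
    '203.0.113.5 - - [01/Jan/2024:10:00:20 +0000] "GET /search.php?title=m%27+union+all+select+1%2Ctable_name%2C3%2C4%2C5%2C6%2C7+from+information_schema.tables+where+table_schema%3Ddatabase%28%29+--+-&action=search HTTP/1.1" 200 2210',
    '203.0.113.5 - - [01/Jan/2024:10:00:41 +0000] "GET /search.php?title=m%27+union+all+select+1%2Clogin%2Cpassword%2Csecret%2C5%2C6%2C7+from+users+--+-&action=search HTTP/1.1" 200 1890',
]

def classify(log_line):
    """Return the stages whose signature appears in any URL-decoded query parameter."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    hits = []
    # parse_qsl decodes %27 to a quote and + to a space before matching.
    for _name, value in parse_qsl(urlsplit(match.group(1)).query, keep_blank_values=True):
        for stage, pattern in STAGES:
            if pattern.search(value) and stage not in hits:
                hits.append(stage)
    return hits

def stages_by_client(lines):
    """Map client address -> stages seen, in first-seen order; clean clients are omitted."""
    seen = {}
    for line in lines:
        ip = line.split(" ", 1)[0]
        for stage in classify(line):
            if stage not in seen.setdefault(ip, []):
                seen[ip].append(stage)
    return seen

if __name__ == "__main__":
    for ip, stages in stages_by_client(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(stages))
```

A single client moving from the probe stage to the extraction stage within a short window is a stronger signal than any one match on its own.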

In this way, SQL injection can be used to find sensitive information in the database. That's why SQL injection is very dangerous when it is carried out successfully.
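Every step above works because the search term is concatenated into the SQL text. The following added example (not from the original post or from bWAPP's code) runs the step 5 payload against a string-built query and a parameterized one; it uses an in-memory SQLite database with a constructed 7-column movies table and a constructed users row as stand-ins for the MySQL schema.

```python
import sqlite3

# Payload from step 5 of the walkthrough.
PAYLOAD = "m' union all select 1,login,password,secret,5,6,7 from users -- -"

def build_db():
    """In-memory stand-in for the lab database (constructed tables and rows)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE movies (id INTEGER, title TEXT, release_year TEXT, genre TEXT,
                             main_character TEXT, imdb_ref TEXT, tickets INTEGER);
        CREATE TABLE users (id INTEGER, login TEXT, password TEXT, secret TEXT);
        INSERT INTO movies VALUES (1, 'Iron Man', '2008', 'action', 'Tony Stark', 'ref-1', 53);
        INSERT INTO users VALUES (1, 'bee', 'constructed-hash', 'constructed-secret');
    """)
    return db

def search_vulnerable(db, title):
    # Input is concatenated into the SQL text: a quote in `title` closes the
    # string literal and everything after it is parsed as SQL.
    sql = "SELECT * FROM movies WHERE title LIKE '%" + title + "%'"
    return db.execute(sql).fetchall()

def search_parameterized(db, title):
    # The SQL text is fixed; `title` is bound as a value and never parsed as SQL.
    sql = "SELECT * FROM movies WHERE title LIKE '%' || ? || '%'"
    return db.execute(sql, (title,)).fetchall()

def errors_on(search, db, term):
    """True if the search raises a database error, the signal step 1 relies on."""
    try:
        search(db, term)
        return False
    except sqlite3.Error:
        return True

if __name__ == "__main__":
    db = build_db()
    print("concatenated: ", search_vulnerable(db, PAYLOAD))     # users row leaks
    print("parameterized:", search_parameterized(db, PAYLOAD))  # no rows
    print("ORDER BY 8 error, concatenated: ",
          errors_on(search_vulnerable, db, "' ORDER BY 8 -- -"))
    print("ORDER BY 8 error, parameterized:",
          errors_on(search_parameterized, db, "' ORDER BY 8 -- -"))
```

With bound parameters the column-count probe no longer changes the response, so the rest of the chain has nothing to build on.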
