

For the demo I am using Damn Vulnerable Web Application (DVWA). It is easy to install and can be downloaded from. DVWA is a PHP/MySQL/Apache application that is purposefully made vulnerable. It is a good tool for web application security enthusiasts to begin with. I will be using two scenarios: one where DVWA is installed on Linux OS and another where it is installed on Windows OS. The concept behind the attack is the same in both scenarios, but there is a slight difference in exploitation that we will discuss later. DVWA is easy to install and configure, and for the demo I have kept the script security as “low”.

Identifying the SQL injection is the key step, and it takes a lot of skill and experience to identify the injection point. By analyzing the application properly, the possible injection points can be identified. As in the screenshot shown below, the USER ID field could be vulnerable to SQL injection.
