SQL Injection dvwa

Still the spirit of course, we will try SQL injection technique this time, to the target itself is http://127.0.0.1/dvwa
our first try with a standard query
'or'1 = 1


look there first name and Surname
not just trying to query, we try with sqlmap
just type the command

python. / sqlmap.py-u http://127.0.0.1/dvwa/vulnerabilities/sqli/
and the result was like this,  
until this step I am still looking for how to query the right to be able to get a username and password:)

Comments

Post a Comment

Popular posts from this blog

Introduction Maltego

Image
What is maltego ? Maltego are tools for OSINT (Open Source Intelligence Gathering ) , so OSINT is a method of searching the information available to the public and then analyzed and used for certain purposes maltego also an open- source intelligence and forensics application . This allows for the mining and gathering information and presenting this information in a meaningful way .
Read more

EXE file structure

Image
I 'll try to explain how a structure file extension .EXE. EXE is a common file extension indicates an executable file ( program) in the DOS , OpenVMS , Microsoft Windows , Symbian , and others. In addition to the executable program , many EXE files contain other components called resources, such as bitmaps and icons which the executable program to be able
Read more