DVWA Low Security SQL Injection Hacking

DVWA (Damn Vulnerable Web Application) lets you practise web application security concepts legally: it is set up on your own machine and lets you decide the level of security you will be breaking.

Those reading this most probably already know what DVWA is, how to host it on their own machine and where to start, so without taking much time we will start with SQL Injection.

How to Setup DVWA Pentest Lab: https://www.ethicalhackx.com/how-to-host-dvwa-pentest-lab-on-wamp-server/
DVWA Brute Force, Low Security: https://www.ethicalhackx.com/dvwa-brute-force-low-security-burp-suite/

DVWA Low Security Setting

First, let's have a look at the code that causes the vulnerability, the reason behind all the injection possibilities. It is better if you figure this out yourself and compare the different versions (low, medium and high security) to find out what the difference is.
Click the view-source button at the bottom right of the SQL Injection page in DVWA to open the source in a new window.

DVWA Low Security SQL Injection Source Code

Step by Step: SQL Injection

I have made a short video showing each of the steps below; check it out.

Step 1: Is the Input Field Vulnerable?


Yes, it is, but how do we know that? How do we check?
Throw some input at the field and see what output we get. Let's first go with 1.

DVWA SQL Injection Vulnerable Form Field

The output we got shows ID, First Name and Last Name.

1' in input throws this error page

The field is vulnerable to SQL Injection, so let's start digging for information.

Step 2: How Many Columns Are There?

We now find out how many columns there are, and we do this with order by.

Finding number of columns

So we have columns 1 and 2, but when we try column 3 we get the error: Unknown column '3' in 'order clause'.

Step 3 : Fetch the Data.

Step 4: Getting more details like database name, version etc.

In "1' union select 1,2 #" we can replace "1" and "2" with inputs that SQL understands to get the desired output. We therefore try a few things.

Getting database name:

SQL Injection Hacking : Getting Database name

Getting the database version:

SQL Injection Hacking : Getting Database Version

Getting the user name:

SQL Injection Hacking : Getting User Name

Getting the table names:

SQL Injection Hacking : Getting Table Name

We got a list of the tables present. Is there any useful information here? When you scroll the page you may find a few very interesting entries like admin, users and USER_PRIVILEGES. It basically depends on what you are looking for. I am happy to dig more into the users table.
NOTE: I have increased the width of the input form field in a few places to make the input visible; what you see in the screenshots here is not its actual size.

SQL Injection Hacking : Getting Table Name which are similar to USERS

We have listed the tables that have "user" in the name, like users, users_groups and users_permissions.

Now we get the column names from the users table.

SQL Injection Hacking : Getting Column Names for USERS Table

This gives us the column names in the users table: user_id, first_name, last_name, user, password, avatar.

SQL Injection Hacking : Getting Rows (Data) from Users Table

So we finally got the user details, like user_id, first and last name and password (hash), from the user database.
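Why each input above behaves the way it does, and what the fix looks like, as an added example that is not from the original article or from DVWA's source. The table layout, function names and sample rows are constructed, and SQLite stands in for MySQL, so `-- ` replaces the page's `#` comment marker.

```python
import sqlite3

def make_db():
    # Constructed sample data; column names follow those listed in the walkthrough.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, "
               "last_name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)",
                   [(1, "Alice", "Example", "hash-placeholder-1"),
                    (2, "Bob", "Sample", "hash-placeholder-2")])
    return db

def lookup_vulnerable(db, user_input):
    # Input is pasted into the SQL text, so a quote in it rewrites the statement.
    sql = ("SELECT first_name, last_name FROM users "
           "WHERE user_id = '%s'" % user_input)
    return db.execute(sql).fetchall()

def lookup_parameterized(db, user_input):
    # Input is bound as a value; the statement text never changes.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (user_input,)).fetchall()

def lookup_validated(db, user_input):
    # Defence in depth: the id is numeric, so reject anything else up front.
    if not (user_input.isascii() and user_input.isdigit()):
        raise ValueError("user id must be numeric")
    return lookup_parameterized(db, int(user_input))

# Inputs from the walkthrough (last one adapted to SQLite's comment syntax).
PAGE_INPUTS = ["1", "1'", "1' union select 1,2 -- "]

def compare(db, user_input):
    """Return (vulnerable_result, parameterized_result); errors become strings."""
    results = []
    for fn in (lookup_vulnerable, lookup_parameterized):
        try:
            results.append(fn(db, user_input))
        except sqlite3.Error as exc:
            results.append("error: %s" % exc)
    return tuple(results)

if __name__ == "__main__":
    db = make_db()
    for value in PAGE_INPUTS:
        print(repr(value), "->", compare(db, value))
```

With the concatenated query, `1'` produces a database error and the union input adds a row the application never intended to return; with the bound parameter both are treated as a user id that matches nothing.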

DVWA Low Security SQL Injection Hacking

So this was all about DVWA SQL Injection at low security. We learnt how we can get details like user_name and passwords. The purpose was to show:
How to check if an input field is vulnerable?
How to get table and column names?
How to get rows (data) from the required columns and tables?

In upcoming articles we will do the same with DVWA medium and high security, as well as with other vulnerable web application frameworks like bWAPP and more.
