Showing posts from October, 2011

File Inclusion attack on DVWA

Hey, I am not going to write much about this vulnerability. It's pretty straightforward.
The web developer has provided you the ability to include any file from the local system or even a remote system. So you can be creative and include any file you want to own the system.


After watching the video, try this URL just to get the perspective:


http://localhost/dvwa/vulnerabilities/fi/?page=http://google.com/robots.txt

Now, think as devilish as you can and see what else you can do with this hole ;)
Also, take a look at this exploit already present in the Metasploit framework.

http://www.metasploit.com/modules/exploit/unix/webapp/php_include
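
From the defender's side, requests like the one above stand out in the web server's access log. The following is an added example, not part of the original post or of DVWA: it scans log lines for `page` values that are remote URLs or that point outside the intended directory. The log lines are constructed, and the function names and the `PARAM` constant (set to the parameter name from the URL above) are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (assumed combined log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Oct/2011:10:01:02 +0000] "GET /dvwa/vulnerabilities/fi/?page=include.php HTTP/1.1" 200 4312
192.0.2.11 - - [12/Oct/2011:10:01:09 +0000] "GET /dvwa/vulnerabilities/fi/?page=http://google.com/robots.txt HTTP/1.1" 200 5120
192.0.2.11 - - [12/Oct/2011:10:01:15 +0000] "GET /dvwa/vulnerabilities/fi/?page=..%2F..%2Fsecret.txt HTTP/1.1" 200 4980
192.0.2.12 - - [12/Oct/2011:10:02:00 +0000] "GET /dvwa/vulnerabilities/fi/?page=%252e%252e%252fconfig HTTP/1.1" 200 4000
192.0.2.13 - - [12/Oct/2011:10:02:30 +0000] "GET /dvwa/index.php HTTP/1.1" 200 2100
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
PARAM = "page"  # include parameter name, taken from the URL in the post

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return the reasons an include-parameter value looks suspicious."""
    v = fully_decode(value).replace("\\", "/")
    reasons = []
    if re.match(r"^[a-z][a-z0-9+.-]*://", v, re.I):
        reasons.append("remote-url")      # include target is fetched over the network
    if re.search(r"(^|/)\.\.(/|$)", v):
        reasons.append("path-traversal")  # climbs out of the intended directory
    if v.startswith("/") or re.match(r"^[a-z]:/", v, re.I):
        reasons.append("absolute-path")   # names a file anywhere on the host
    return reasons

def scan(log_text):
    """Return (client_ip, decoded_value, reasons) for each flagged request."""
    findings = []
    for m in filter(None, map(REQUEST_RE.match, log_text.splitlines())):
        client, target = m.groups()
        for value in parse_qs(urlsplit(target).query).get(PARAM, []):
            reasons = classify(value)
            if reasons:
                findings.append((client, fully_decode(value), reasons))
    return findings

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Matching on the decoded value rather than the raw request line is what catches the double-encoded request from 192.0.2.12.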



Owning DVWA SQLi with sqlmap

Here we go... finally writing this post on SQL injection on DVWA. I was caught up with some really boring office (day job) work and some other things to top that. But that has always been the case with my blogging. It's a sad story.

In this post I will explain the exploitation of SQL injection vulnerability present in DVWA. For details on DVWA and how to get it, please visit my previous post.

SQLMAP:
sqlmap is an automatic SQL injection and database takeover tool. It is capable of enumerating entire remote databases and performing active database fingerprinting.
Get sqlmap from: http://sqlmap.sourceforge.net/

I am documenting the steps that I carried out to pwn DVWA. You are free to experiment with different options and parameters of sqlmap; it is a great tool.


Looking for SQL injection in the webapp: The best way to detect SQL injection in a webapp is to look at its URL. If you are able to change the parameters passed in the URL and that change is reflected in the out…