Project 1: Identifying and Exploiting SQL Injection Vulnerabilities

Introduction

SQL Injection is a critical web security vulnerability that allows attackers to interfere with the queries that an application makes to its database. It can allow attackers to view data that they are not normally able to retrieve, and sometimes it can be used to gain unauthorized access to the underlying system. This project will teach you how to identify and exploit SQL Injection vulnerabilities using Burp Suite and DVWA (Damn Vulnerable Web Application).

Pre-requisites

  • Basic understanding of web application concepts and the HTTP protocol.
  • Familiarity with SQL queries and databases.
  • A working installation of DVWA and Burp Suite Community Edition.

Lab Set-up

Setting up DVWA

  1. Install XAMPP:

    • Download XAMPP from Apache Friends and install it.
    • Start the Apache and MySQL services from the XAMPP control panel.
  2. Install DVWA:

    • Download DVWA from GitHub.
    • Extract the DVWA files into the htdocs directory of your XAMPP installation (e.g., C:\xampp\htdocs\DVWA).
  3. Configure DVWA:

    • Open the config directory inside DVWA (C:\xampp\htdocs\DVWA\config) and rename config.inc.php.dist to config.inc.php.
    • Edit config.inc.php and set the following database configurations:
      $_DVWA['db_user'] = 'root';
      $_DVWA['db_password'] = '';
      $_DVWA['db_database'] = 'dvwa';
  4. Set up the DVWA Database:

    • Open a web browser and navigate to http://localhost/DVWA/setup.php.
    • Click on the "Create / Reset Database" button to set up the database.
    • Log in to DVWA with the default credentials:
      Username: admin
      Password: password
      

Setting up Burp Suite

  1. Download and Install Burp Suite:

    • Download Burp Suite Community Edition from PortSwigger and install it.
  2. Configure Burp Suite with your Browser:

    • Open Burp Suite and go to the "Proxy" tab.
    • Click the "Intercept is on" button to toggle interception off.
    • Go to the "Options" sub-tab and ensure the proxy listener is running on 127.0.0.1:8080.
    • Configure your web browser to use Burp Suite as a proxy (set the proxy server to 127.0.0.1 and port 8080).

Exercises

Exercise 1: Identifying SQL Injection

  1. Set DVWA Security Level to Low:

    • Log in to DVWA and go to the "DVWA Security" section.
    • Set the security level to "Low" and click "Submit".
  2. Navigate to SQL Injection Section:

    • Go to the "SQL Injection" section in DVWA.
  3. Intercept the Request with Burp Suite:

    • In your browser, enter a user ID (e.g., 1) and click "Submit".
    • Burp Suite will intercept the request. Forward the request to see the result.
  4. Modify the Request to Exploit SQL Injection:

    • Intercept the request again and modify the id parameter to an SQL Injection payload (e.g., 1' OR '1'='1).
    • Forward the modified request and observe the response.

Commands and Expected Output

  1. Initial Request Interception:

    • Request intercepted by Burp Suite:
      GET /vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1
      Host: localhost
      
  2. Modified Request with SQL Injection:

    • Modify the intercepted request:
      GET /vulnerabilities/sqli/?id=1' OR '1'='1&Submit=Submit HTTP/1.1
      Host: localhost
      
    • Expected output: The response should return all users in the database instead of just the one with ID 1.

Exercise 2: Retrieving Sensitive Data

  1. Crafting SQL Injection Payloads:

    • Use payloads to extract database information. For example, to list database tables:
      GET /vulnerabilities/sqli/?id=1' UNION SELECT table_name, null FROM information_schema.tables WHERE table_schema=database()-- -&Submit=Submit HTTP/1.1
      
  2. Expected Output:

    • The response should list the table names in the current database.

Exercise 3: Mitigating SQL Injection

  1. Implementing Input Validation and Parameterized Queries:

    • Modify the application code (if you have access) to use prepared statements and input validation.
  2. Testing the Mitigation:

    • After applying the mitigation, repeat the SQL Injection attempts and ensure they are no longer successful.
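
The two steps of Exercise 3 as an added example, not DVWA's own code: a string-concatenated lookup beside a validated, parameterized one, with a retest that replays the payloads from Exercises 1 and 2. It assumes an in-memory SQLite database standing in for DVWA's MySQL backend; the table, column and function names and the sample rows are constructed for illustration.

```python
import sqlite3

# Payloads copied from Exercises 1 and 2 of this page.
PAYLOADS = [
    "1' OR '1'='1",
    "1' UNION SELECT table_name, null FROM information_schema.tables "
    "WHERE table_schema=database()-- -",
]

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "Alice", "Admin"), (2, "Bob", "Brown"), (3, "Carol", "Clark")])
    return db

def lookup_vulnerable(db, user_id):
    # The "before": the id is pasted into the SQL text, so a quote in it rewrites the query.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = '" + user_id + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, user_id):
    # Parameterized query: the id travels as a bound value and is never parsed as SQL.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (user_id,)).fetchall()

def lookup_hardened(db, user_id):
    # Input validation in front of the bound query: a short run of ASCII digits only.
    if not (user_id.isascii() and user_id.isdigit() and len(user_id) <= 9):
        raise ValueError("user id must be numeric")
    return lookup_bound(db, user_id)

def retest(lookup, db):
    """Replay the payloads (Exercise 3, step 2) and classify each outcome."""
    outcome = {}
    for payload in PAYLOADS:
        try:
            outcome[payload] = "rows" if lookup(db, payload) else "no-rows"
        except ValueError:
            outcome[payload] = "rejected"    # stopped by validation
        except sqlite3.Error:
            outcome[payload] = "sql-error"   # input reached the SQL parser
    return outcome

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_vulnerable, lookup_bound, lookup_hardened):
        print(fn.__name__, list(retest(fn, db).values()))
```

A "rows" or "sql-error" outcome means the input still reached the SQL parser and the mitigation is incomplete; "no-rows" and "rejected" are the passing results.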

Conclusion

By completing these exercises, you will gain hands-on experience in identifying and exploiting SQL Injection vulnerabilities using Burp Suite and DVWA. Additionally, you will understand the importance of proper input validation and parameterized queries in preventing SQL Injection attacks.