sql injection at hashemite university

The Hashemite University Prince Al-Hussein Bin Abdullah II Faculty for Information Technology Sql Injection with Yusuf Ali Network Security By Dr. Ashraf Aljammal

Upload: yusuf-amro

Post on 25-Jul-2015


TRANSCRIPT

Page 1: Sql Injection at Hashemite University

The Hashemite University, Prince Al-Hussein Bin Abdullah II Faculty for Information Technology

SQL Injection with Yusuf Ali

Network Security

By Dr. Ashraf Aljammal

Page 2: Sql Injection at Hashemite University

What we will learn?

1) What is SQL injection?
2) How to attack using SQL injection?
3) What is the DVWA project?
4) How to use DVWA to develop our skills?

Page 3: Sql Injection at Hashemite University

Sql Injection

Page 4: Sql Injection at Hashemite University

How to hack a website using Sql injection?

Page 5: Sql Injection at Hashemite University

The vulnerability is the execution of user input without checking it. An input such as a username or password may itself contain a SQL statement, which the server's database then executes on the attacker's behalf.

1) Normal password: karcobia
   $sql = "select * from users where pass=$password;";
   The database runs: select * from users where pass=karcobia;

2) Attacker's password: abc or 1=1
   $sql = "select * from users where pass=$password;";
   The database runs: select * from users where pass=abc or 1=1;
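To make the two cases above concrete, here is an added example (not part of the slides) in Python with an in-memory SQLite table of constructed sample users: the slide's string-spliced lookup beside a parameterized version. The injected value uses the quoted form `abc' or '1'='1` so that it fits inside a quoted string literal.

```python
import sqlite3

# Constructed sample data: three users with plaintext passwords, as on the
# slides. (Storing plaintext passwords is itself a defect; see page 11.)
SAMPLE_USERS = [("alice", "karcobia"), ("bob", "hunter2"), ("admin", "s3cret")]


def make_db():
    """Create an in-memory users table holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, pass TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, password):
    """The slide's pattern: the input is spliced into the SQL text.

    Whatever the user typed is parsed by the database as part of the
    statement, so a value containing `' or '1'='1` widens the WHERE clause
    to match every row in the table.
    """
    sql = "select * from users where pass='%s'" % password
    return conn.execute(sql).fetchall()


def login_safe(conn, password):
    """Parameterized query: the value travels separately from the SQL text.

    The database only ever compares the column against the supplied value;
    an injected `or` never becomes part of the statement.
    """
    return conn.execute("select * from users where pass=?", (password,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "abc' or '1'='1"
    print("normal login  :", login_vulnerable(db, "karcobia"))
    print("vulnerable    :", login_vulnerable(db, payload))   # every row
    print("parameterized :", login_safe(db, payload))         # no rows
```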

Page 6: Sql Injection at Hashemite University

As we can see here, we got every user and password in the database!

Page 7: Sql Injection at Hashemite University

The attacker can now execute any SQL statement, as if with admin privileges!

Result

Page 8: Sql Injection at Hashemite University

DVWA Project: http://www.dvwa.co.uk/

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing servers and web applications, and to serve as a teaching tool for students of ethical hacking and penetration testing.

See more at: http://www.hackw0rm.net/2013/02/how-to-create-penentration-lab-in.html

Page 9: Sql Injection at Hashemite University

Let’s Try it!

Page 10: Sql Injection at Hashemite University

SQL Injection

Gather information about the database:

1) Version of the database
2) User of the database
3) Database name
4) Tables in the information_schema
5) MySQL table information
6) Users and passwords
7) Recover hashed passwords (via hash lookup)

Page 11: Sql Injection at Hashemite University

How do you ensure that your password hash is not already in one of the huge MD5 lookup databases?

Page 12: Sql Injection at Hashemite University

What we learned?

1) What is SQL injection?
2) How to attack using SQL injection?
3) What is the DVWA project?
4) How to use DVWA to develop your skills?

Page 13: Sql Injection at Hashemite University

Page 14: Sql Injection at Hashemite University

Thank you for your time and attention!

Contact info:

Email: [email protected]

Twitter: @YusufAmroJunior GIS Web and Mobile Application Developer

JoGulf Spatial Data Systems