XVWA - SQL Injection (Blind)
This lab shows step-by-step how to identify and exploit a Blind SQL Injection on the Xtreme Vulnerable Web Application (XVWA) to retrieve sensitive information from the backend database.
In this scenario, the application does not utilize prepared statements (also known as parameterized queries) to prevent SQL Injection attacks.
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts learn application security. The idea is to evangelize web application security to the community in possibly the easiest and most fundamental way. Learn and acquire these skills for good purpose.
Why are SQL Injections important?
SQL Injection vulnerabilities are one of the most severe weaknesses found in the wild. SQL Injection attacks are unfortunately very common, and this is due to two factors:
- The significant prevalence of SQL Injection vulnerabilities, and
- the attractiveness of the target (i.e., the database typically contains all the interesting/critical data for your application).
What will you learn?
- The difference between Error-Based and Blind SQL Injection vulnerabilities.
- How to identify Blind SQL Injection vulnerabilities.
- How to exploit a Blind SQL Injection vulnerability using sqlmap to retrieve information from the backend database.
- This scenario contains one virtual machine.
- VPN Connection Required: Optional
- This lab can be completed by either connecting to the CR VPN or by simply utilizing the Web Proxy feature.
- The examples demonstrated throughout this scenario are based on Linux.
To benefit from this scenario, it is recommended that you have competence in the following areas:
1. Basic understanding of the HTTP protocol
2. How web applications work behind the scenes
3. Basic Linux command line knowledge
4. Basic understanding of Error-Based SQL Injection vulnerabilities; ideally, participants should first complete the following tutorial:
- XVWA-SQLi (Error)
- TIME: 120 MINUTES
- COST: 10 CRYSTALS