
Experiment-6

LOW-LEVEL SECURITY
We enter a user ID to get a result; here we use 1 as the user ID.
To check for the SQL injection vulnerability, we append a single quote (') to the parameter, giving ?id=1', and then press Enter.

We see an SQL error, which confirms that this page has an SQL injection vulnerability.

Now we check the number of columns returned by this page's SQL query. For this we use “order by 5 --+” after “?id=1'”.
We keep decreasing the number until we get a result; as we can see, “order by 2” returns a result.
Next we find the vulnerable columns using the command “union select 1,2 --+”.

Here we can see the numbers 1 and 2 shown in the First name and Surname fields respectively. From this we can conclude that columns 1 and 2 are vulnerable.

Finding the database and version


Data of all tables
Now we check the user column.
Now we check the users and passwords using the command “union select user,password from users”.

We get all users with their passwords.
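
Why the inputs above behave as they do, and what the fix looks like, as an added example that is not part of the original lab report: the same lookup written with string concatenation (the low-security pattern) and with input validation plus a bound parameter. The in-memory SQLite table, its rows and the function names are constructed assumptions standing in for the lab's users table.

```python
import sqlite3

# URL-decoded form of the report's last input ("--+" in the URL becomes "-- ").
PAYLOAD = "1' union select user,password from users -- "

def make_db():
    # Constructed stand-in for the lab database; layout and rows are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT,"
               " last_name TEXT, user TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?,?,?,?,?)", [
        (1, "admin", "admin", "admin", "hash-placeholder-1"),
        (2, "Gordon", "Brown", "gordonb", "hash-placeholder-2")])
    return db

def lookup_concatenated(db, user_id):
    # Vulnerable pattern: the id is pasted into the SQL text, so a quote in
    # the input ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT first_name, last_name FROM users WHERE user_id = '"
           + user_id + "'")
    return db.execute(sql).fetchall()

def lookup_parameterized(db, user_id):
    # Hardened: accept decimal digits only, then bind the value as a
    # parameter so it is never parsed as SQL.
    if not user_id.isdecimal():
        return []
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (int(user_id),)).fetchall()

def outcome(lookup, db, user_id):
    # Summarise what the page would show: result rows or a database error.
    try:
        return lookup(db, user_id)
    except sqlite3.Error:
        return "SQL error"

if __name__ == "__main__":
    db = make_db()
    for value in ["1", "1'", "1' order by 5 -- ", "1' order by 2 -- ", PAYLOAD]:
        print(repr(value))
        print("  concatenated :", outcome(lookup_concatenated, db, value))
        print("  parameterized:", outcome(lookup_parameterized, db, value))
```

With the concatenated query, the quote and “order by 5” inputs produce database errors and the union input returns the user and password columns; the parameterized lookup returns no rows for every input except a plain numeric ID.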
