DVWA SQL Injection
Description
What is a SQL Injection?
What is SQL Injection Harvesting?
What is Damn Vulnerable Web App (DVWA)?
What are some of your suggested changes to the code of the given to eliminate the SQL-injection vulnerability?
What are some lessons learned from this and how can these skills be used in the future?
We use inject always true SQL statements into the SQL Injection User ID field with security set to low.
We can obtain the username and raw-MD5 password contents from a user’s table.
We can use John the Ripper to crack the raw-MD5 password HASH for each user.