## https://sploitus.com/exploit?id=30123672-89E4-5188-870E-CC80429AB99F
# SQL Injection โ DVWA & SQLMap
Task 5 of the **Oasis InfoByte Internship** โ a hands-on walkthrough of manual and automated SQL Injection exploitation against DVWA (Damn Vulnerable Web Application), performed in a controlled, ethical lab environment.
## Overview
This project demonstrates:
- Manual SQL injection using crafted UNION-based payloads
- Automated exploitation and database enumeration using **SQLMap**
- Full database traversal: databases โ tables โ columns โ records
- Live query execution via SQLMap's interactive SQL shell
All testing was performed against a locally hosted, intentionally vulnerable DVWA instance (security level: **Low**) โ no external or production systems were targeted.
## Repository Contents
| File | Description |
|---|---|
| `sql_injection_exploit.sh` | Automated Bash script that drives SQLMap through the full exploitation chain (detection โ database/table/column enumeration โ data dump) |
| `SQL_Injection_DVWA_SQLMap.md` | Full write-up of the manual and automated exploitation process, including payloads and expected outputs |
## Environment
| Component | Details |
|---|---|
| OS | Kali Linux (VMware Workstation) |
| Target App | DVWA (`vulnerables/web-dvwa` Docker image) |
| Tooling | SQLMap, Firefox DevTools |
| Security Level | Low |
## Usage
### 1. Set up DVWA
```bash
sudo docker run --rm -it -p 80:80 vulnerables/web-dvwa
```
Log in at `http://localhost/` (`admin` / `password`), click **Create / Reset Database**, then set **DVWA Security** to **Low**.
### 2. Capture your session cookie
Visit `http://localhost/vulnerabilities/sqli/?id=1&Submit=Submit`, open DevTools โ **Storage** โ **Cookies**, and copy the `PHPSESSID` value.
### 3. Run the exploit script
```bash
chmod +x sql_injection_exploit.sh
./sql_injection_exploit.sh -u 127.0.0.1 -c -s low
```
**Options:**
| Flag | Description | Default |
|---|---|---|
| `-u` | Target host or IP | *required* |
| `-c` | PHPSESSID cookie value | *required* |
| `-s` | DVWA security level (`low`/`medium`/`high`) | `low` |
| `-p` | Vulnerable endpoint path | `/vulnerabilities/sqli/?id=1&Submit=Submit` |
| `-o` | SQLMap output directory | `./sqlmap_output` |
The script runs SQLMap through:
1. Vulnerability detection
2. Database enumeration (`--dbs`)
3. Table enumeration (`-D dvwa --tables`)
4. Column enumeration (`-D dvwa -T users --columns`)
5. Full data dump (`-D dvwa -T users --dump`)
## Key Takeaways
- SQL injection remains one of the most critical OWASP Top 10 vulnerabilities, arising from unsanitized user input passed directly into database queries.
- Manual exploitation follows a methodical flow: **test โ enumerate columns โ UNION attack โ extract data**.
- SQLMap automates this entire chain and adds capabilities like an interactive SQL shell for live querying.
- **Mitigation:** always use parameterized queries / prepared statements, and apply the principle of least privilege to database accounts.
## Disclaimer
This project is for educational purposes only, performed against a deliberately vulnerable local application (DVWA). Do not use these techniques against systems you do not own or have explicit authorization to test.
## Author
**Muhammad Aryan Tariq**
Oasis InfoByte Internship โ Task 5