Share
## https://sploitus.com/exploit?id=30123672-89E4-5188-870E-CC80429AB99F
# SQL Injection โ€” DVWA & SQLMap

Task 5 of the **Oasis InfoByte Internship** โ€” a hands-on walkthrough of manual and automated SQL Injection exploitation against DVWA (Damn Vulnerable Web Application), performed in a controlled, ethical lab environment.

## Overview

This project demonstrates:

- Manual SQL injection using crafted UNION-based payloads
- Automated exploitation and database enumeration using **SQLMap**
- Full database traversal: databases โ†’ tables โ†’ columns โ†’ records
- Live query execution via SQLMap's interactive SQL shell

All testing was performed against a locally hosted, intentionally vulnerable DVWA instance (security level: **Low**) โ€” no external or production systems were targeted.

## Repository Contents

| File | Description |
|---|---|
| `sql_injection_exploit.sh` | Automated Bash script that drives SQLMap through the full exploitation chain (detection โ†’ database/table/column enumeration โ†’ data dump) |
| `SQL_Injection_DVWA_SQLMap.md` | Full write-up of the manual and automated exploitation process, including payloads and expected outputs |

## Environment

| Component | Details |
|---|---|
| OS | Kali Linux (VMware Workstation) |
| Target App | DVWA (`vulnerables/web-dvwa` Docker image) |
| Tooling | SQLMap, Firefox DevTools |
| Security Level | Low |

## Usage

### 1. Set up DVWA

```bash
sudo docker run --rm -it -p 80:80 vulnerables/web-dvwa
```

Log in at `http://localhost/` (`admin` / `password`), click **Create / Reset Database**, then set **DVWA Security** to **Low**.

### 2. Capture your session cookie

Visit `http://localhost/vulnerabilities/sqli/?id=1&Submit=Submit`, open DevTools โ†’ **Storage** โ†’ **Cookies**, and copy the `PHPSESSID` value.

### 3. Run the exploit script

```bash
chmod +x sql_injection_exploit.sh
./sql_injection_exploit.sh -u 127.0.0.1 -c  -s low
```

**Options:**

| Flag | Description | Default |
|---|---|---|
| `-u` | Target host or IP | *required* |
| `-c` | PHPSESSID cookie value | *required* |
| `-s` | DVWA security level (`low`/`medium`/`high`) | `low` |
| `-p` | Vulnerable endpoint path | `/vulnerabilities/sqli/?id=1&Submit=Submit` |
| `-o` | SQLMap output directory | `./sqlmap_output` |

The script runs SQLMap through:
1. Vulnerability detection
2. Database enumeration (`--dbs`)
3. Table enumeration (`-D dvwa --tables`)
4. Column enumeration (`-D dvwa -T users --columns`)
5. Full data dump (`-D dvwa -T users --dump`)

## Key Takeaways

- SQL injection remains one of the most critical OWASP Top 10 vulnerabilities, arising from unsanitized user input passed directly into database queries.
- Manual exploitation follows a methodical flow: **test โ†’ enumerate columns โ†’ UNION attack โ†’ extract data**.
- SQLMap automates this entire chain and adds capabilities like an interactive SQL shell for live querying.
- **Mitigation:** always use parameterized queries / prepared statements, and apply the principle of least privilege to database accounts.

## Disclaimer

This project is for educational purposes only, performed against a deliberately vulnerable local application (DVWA). Do not use these techniques against systems you do not own or have explicit authorization to test.

## Author

**Muhammad Aryan Tariq**
Oasis InfoByte Internship โ€” Task 5