Thursday, February 2, 2012

SQL Injection and Blind SQL Injection Testing on the DVWA Web Application (Revision)

This exercise tests a vulnerable website set to the low security level and tries to inject it with SQL injection using sqlmap.

This runs on my localhost, and I started with Mantra. I chose this tool because in my past exercise on FBIP I succeeded thanks to the large amount of important information it gave me about the target web. As the first step, I searched for information with DOM Inspector as the information-gathering stage.
I tried to find information in the FORM at the input area, and I found action #. I don't know whether it is important or not, but I still post it in my article because it is part of my trial. After this I tried to input data on the web with variable1=1, which means trying to act as admin with the password being the same character.
And it worked, so I found this result.
Database information is leaked, so I guess it is vulnerable with this command.
It tells me this database has 5 columns in 2 rows, because it shows 5 accounts, and 2 rows means the tables user and passwords. This can occur because the SQL query is possibly:

$query = "select * from user where username='".$_POST['user']."' AND password='".md5($_POST['pass'])."'";
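The concatenated query above next to a parameterized version, as an added example (not code from the original post or from DVWA's source). The in-memory SQLite table, the sample accounts and the function names are constructed for illustration.

```php
<?php
// Added example. Table contents and passwords are constructed, not DVWA's data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (username TEXT, password TEXT)");
$ins = $db->prepare("INSERT INTO user (username, password) VALUES (?, ?)");
$ins->execute(['admin', md5('constructed-pass-1')]);
$ins->execute(['alice', md5('constructed-pass-2')]);

// Same shape as the query quoted above: input becomes part of the SQL text,
// so a quote character in $user changes the structure of the statement.
function lookup_concatenated(PDO $db, string $user, string $pass): array
{
    $query = "select * from user where username='" . $user
           . "' AND password='" . md5($pass) . "'";
    return $db->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the statement is fixed and the input is bound as data only.
function lookup_prepared(PDO $db, string $user, string $pass): array
{
    $stmt = $db->prepare(
        "select * from user where username = :u AND password = :p"
    );
    $stmt->execute([':u' => $user, ':p' => md5($pass)]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one normal login, one using the 1=1 condition.
$cases = [
    'valid login'       => ['admin', 'constructed-pass-1'],
    'quote + tautology' => ["' OR 1=1 -- ", 'anything'],
];
foreach ($cases as $label => [$user, $pass]) {
    printf("%-18s concatenated=%d rows, prepared=%d rows\n", $label,
        count(lookup_concatenated($db, $user, $pass)),
        count(lookup_prepared($db, $user, $pass)));
}
```

With the tautology input the concatenated query returns every account while the prepared statement returns none. The example keeps md5() only to mirror the query above; unsalted MD5 hashes fall to a dictionary quickly, so PHP's password_hash() and password_verify() are the appropriate replacement.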

And I found that the URL changed; this is the URL now in DOM Inspector.

Moving to the main browser page of Mantra and activating Hackbar, we see a different form of the URL, because DOM Inspector shows the decoded URL. The URL can be decoded or encoded; I'll show it.
I press Encoding and choose URL encode, and it changes like this.
After I found the URL of the input, I wanted to try the next step, using sqlmap to do the injection.
I tested with the parameters --Surname and --Users --Passwords, combined with cookie data such as the one from xplico and PHPSESSID, which can be found in the cookies.
To find the passwords we need to crack the database hashes with a dictionary, and this is the result.
To find the entries of a database table we need to add a parameter that focuses on tables, like this.
If there is no syntax failure, it will show the entries of the database tables.
It really works: I can look inside the database's tables. Next is to do it with Blind SQL Injection. I did the same as in the first case, but in Blind SQL Injection mode.
The result page is the same, but I did not find the information leak in the URL like in the previous step. I tried scanning the vulnerable web with sqlmap, but the result was not injectable. Until now I have not found the way to inject in Blind SQL Injection; maybe I'll publish it in a new article soon.

IS2C © 2012 Blog's Student | is2c