Step-by-step error-based SQL injections
In the previous recipe, we detected an SQLi. In this recipe, we will exploit that vulnerability and use it to extract information from the database.
How to do it...
We already know that DVWA is vulnerable to SQLi, so let's log in and browse to http://192.168.56.11/dvwa/vulnerabilities/sqli/
. Then, follow the following steps:
- After detecting that an SQLi exists, the next step is to get to know the internal query, or, more precisely, the number of columns its result has. Enter any number in the
User ID
box and clickSubmit
. - Now, open the HackBar (hit F9) and click
Load URL
. The URL in the address bar should now appear in the HackBar. - In the HackBar, we replace the value of the id parameter with
1' order by 1 -- '
and clickExecute
, as shown in the following screenshot:

- We keep increasing the number after
order by
and executing the requests until we get an error. In this example, it happens when ordering by column3
. This means that the result of the query...