Damn Vulnerable Web App (DVWA) is a PHP web application that is deliberately vulnerable. It is used to learn how to attack websites by exploiting various vulnerabilities in the software. In this example, I am showing you how to use an SQL injection attack to get information out of the database.
This line of code will extract all passwords from the DVWA database.
1' and 1=1 union select user, password from users#
And this simple line will get information about the admin user.
1' and 1=1 #
This will list all users on the system.
1' and 1=1 union select user, password from users#
These strings are a good starting point if you are experimenting with DVWA and need help getting started with SQL injection. Setting DVWA to a low security setting seems to be necessary to allow these attacks to work. But these strings do work very well indeed.
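Why the strings above work, and what stops them, shown as an added example (not from the original post and not DVWA's own code): the same lookup built by string concatenation and then with a bound parameter. The `users` table with its `user` and `password` columns comes from the strings above; the `user_id`, `first_name` and `last_name` columns, the query shape, the sample rows and the SQLite stand-in with `strip_mysql_comment` are assumptions made for this demo.

```python
import re
import sqlite3

UNION_INPUT = "1' and 1=1 union select user, password from users#"  # string from the page

def make_db():
    # Constructed sample rows; user_id, first_name and last_name are assumed columns.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, first_name TEXT, "
               "last_name TEXT, user TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?)", [
        (1, "admin", "admin", "admin", "constructed-hash-1"),
        (2, "Alice", "Example", "alice", "constructed-hash-2"),
    ])
    return db

def strip_mysql_comment(sql):
    # SQLite has no '#' comment, so emulate MySQL by cutting the statement at '#'.
    return sql.split("#", 1)[0]

def lookup_vulnerable(db, user_id):
    # The input is pasted into the SQL text, so a quote in it rewrites the query.
    sql = ("SELECT first_name, last_name FROM users WHERE user_id = '"
           + user_id + "'")
    return db.execute(strip_mysql_comment(sql)).fetchall()

def lookup_hardened(db, user_id):
    # Accept only a short run of digits, then bind the value as data, not SQL text.
    if not re.fullmatch(r"[0-9]{1,9}", user_id):
        return []
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (int(user_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1' and 1=1 #", UNION_INPUT):
        print(repr(value))
        print("  concatenated :", lookup_vulnerable(db, value))
        print("  parameterized:", lookup_hardened(db, value))
```

With concatenation the UNION string returns the `user` and `password` columns alongside the intended row; with validation and a bound parameter the same input returns nothing, while a plain `1` still returns the expected record.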