DVWA SQL Injection

Head to the SQL Injection section in the DVWA

Check for the database with a ‘

Enter User ID as 1 to see how the database work.

Send the request to burpsuite.

Clear the payload and add the id= input.

I use the SQL payload list from here

Observe the payload with the different payload length.

Try out the successful payloads.

Users found

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Comments (



%d bloggers like this: