Good afternoon everyone. Now, we will see the demo of SQL injection with the DVWA application. So, DVWA is Damn Vulnerable Web Application. It is a PHP/MySQL application that is used by security professionals, students and teachers to study various kinds of attack, so that they can imitate the attack in a legal environment.

So, in order to use the DVWA application, it should be installed on your system. So, we will now see how to install the DVWA application. So, you need to launch the web browser first. Browse to this URL, that is www.dvwa.co.uk. You will find a download link there. Just click download and download the archive file, that is a zip file. So, before installing the DVWA application, the prerequisite is that you should install Apache and MySQL. So, in case of Linux, the default web hosting directory is /var/www. So, you need to extract the DVWA zip into this directory. In case of Windows, if you are using the XAMPP server, then the default directory is htdocs. So, after extracting the DVWA folder here, you need to do some configuration. In the config folder, there is one file, config.php. So, in this config.php, you will supply your MySQL root user and MySQL root user password. So, modify the password accordingly in this file. After this step, you have to restart the Apache service and the MySQL service. The last step is launching the web browser and browsing to the URL localhost/dvwa/setup.php. This step will create all the schema required in the database. Click on the create/reset database button. So, you can see some users and some tables and the database are created. So, this is about the installation of the DVWA application.

Now, we will actually look into the attack which is using SQL injection. So, to start DVWA, again open the web browser and type the URL localhost/dvwa. So, you need to supply username and password. Username is admin and password is password, that is P-A-S-S-W-O-R-D. So, this is basically the homepage of the DVWA application.
At the left side, you can see one panel. There are various kinds of attack that you can perform: brute force, SQL injection, XSS, etcetera. So, we are going to see some of these attacks. One is SQL injection, and XSS reflected and XSS stored later. So, as the professor already told, this DVWA application has three levels of security. One is low, then medium, and the highest level is high. So, low is a bit easier to hack. Medium is somewhat more difficult than the low level, and the highest level of security is high. So, we will change the security level to low first. So, for that you need to click on DVWA Security, then change the level to low and submit. So, now the DVWA security level is set to low.

Now, actually we will see the SQL injection. Click on SQL injection in the left panel. So, here you will be supplied with some kind of form, that is, user ID is an input text box and you have one submit button. So, what is this? Actually, user ID is some kind of secret key. When you supply some secret key, it will give some information, personal information, from the database. In this case, when you supply the user ID, it will give you the first name and last name of the person. So, this is the form which will be supplied. Suppose I type 1 and submit it. So, it is giving me the first name and surname of the person. Similarly, 2, 3, 4.

Suppose I type something weird in this text box, see what happens. So, it is giving me some SQL syntax error, and it is also showing that the backend of the server is a MySQL server. So, while typing at any web page, if you type something weird and if you get such kind of error, then you can assume that that website may be vulnerable to SQL injection. Now, if I type some clever input, like the professor already told, a' or ''=' and submit it. Now, see what I got here? I got all the records from the database, of all users. Now, we will see the source code of this web page and how this works. So, click on view source.
So, in the background, what is this web page doing? This web page is getting the data from the input field and putting the data into the SQL query. The SQL query is. So, whatever you type in the input field, that will be replaced here in this blank. So, I type a' or ''='. So, this will be substituted here. So, that query becomes select first_name, last_name from users where user_id is equal to 'a' or ''=''. So, this condition will be always true. So, because of this condition, we will get all the records from the table. So, this is what is actually executed on the server side and we get all the records from the table.

Now, one other input: 1 or 1=1 and hash (#). So, hash is like a comment; you can skip the next string. So, this string also will give you all the records from the table. Another attack vector. So, basically, select @@hostname, this is the SQL query to get the host name of the system. So, we are using a union of this query and the previous query, so that we can get the host name of the system. When I submit it, it will actually return me the host name of the system, that is Ubuntu-VB. Similarly, there is one query in SQL from which you can get the content of any file which is hosted on the system. So, the query is select load_file, and in brackets you can give the string representing the file name. So, currently I am loading the content of the file /etc/passwd from the host server. So, this is the content of the /etc/passwd file. So, this was about the security level low.

Now, we will change the security level to medium and see if these attack vectors work there. So, go to DVWA Security, change the level to medium and submit. Again go to SQL injection. First we will type 1, we get records; 2, or 5. So, again we will type the attack vector a' or ''='. So, you got an SQL syntax error.
If you see the error, you can see that for every quote there is one slash that is prepended to the quotes. So, because of that, we got an SQL syntax error. So, if I type something which does not include any quote, that will work. So, I type 1 or 1=1. So, see, I got all the records from this query. If we see the source of this web page, you can see one additional PHP function is applied on the input, that is mysql_real_escape_string. This PHP function is used to prepend the slash before the quotes, that is, that PHP function is used for escaping strings. So, the web page sanitizes some of the input, but it is still vulnerable. So, this is about the DVWA SQL injection. In a later part, we will see XSS, the DVWA XSS vulnerability, in Monday's session.
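
The three query-building styles from the demo, side by side, as an added example that is not part of the lecture or DVWA's own code: concatenation inside quotes (low), quote escaping with the value left unquoted (medium), and an integer check plus a bound parameter as the fix. Assumptions: in-memory SQLite stands in for MySQL, SQLite's quote doubling stands in for mysql_real_escape_string, the medium-level query is taken to place the value unquoted, and the function names and sample rows are constructed.

```python
import sqlite3

QUERY = "SELECT first_name, last_name FROM users WHERE user_id = "

def make_db():
    # Constructed sample rows; in-memory SQLite stands in for DVWA's MySQL.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "Alice", "Admin"), (2, "Bob", "Brown"), (3, "Carol", "Clark")])
    return db

def run(db, sql, params=()):
    try:
        return db.execute(sql, params).fetchall()
    except sqlite3.OperationalError:
        return "SQL error"  # corresponds to the syntax error shown in the demo

def lookup_low(db, user_id):
    # Low level: raw input concatenated inside quotes, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    return run(db, QUERY + "'" + user_id + "'")

def lookup_medium(db, user_id):
    # Medium level (assumed shape): quotes are escaped, but the value sits
    # in an unquoted numeric position, so input without quotes is still SQL.
    escaped = user_id.replace("'", "''")  # stand-in for mysql_real_escape_string
    return run(db, QUERY + escaped)

def lookup_fixed(db, user_id):
    # Hardened: accept only a short ASCII integer, then bind it as a
    # parameter so the input is never parsed as part of the statement.
    if not (user_id.isascii() and user_id.isdigit() and len(user_id) <= 9):
        return []
    return run(db, QUERY + "?", (int(user_id),))

if __name__ == "__main__":
    db = make_db()
    for value in ["1", "a' or ''='", "1 or 1=1"]:
        print(repr(value))
        print("  low:   ", lookup_low(db, value))
        print("  medium:", lookup_medium(db, value))
        print("  fixed: ", lookup_fixed(db, value))
```
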