Please read this article first : How to setup DVWA using XAMPP on a windows
Once you are done with the setup, follow the below steps to try SQL Injection on your DVWA !!! DVWA ( damn vulnerable web application) is one the readymade web application environment used for testing several attacks. It is purely used for educational purposes. We will be showing here how we can perform SQL injection using dvwa.SQL injection is one of the very old method of system penetrations. It means firing an SQL query in the database and making a database burp out information you desire. Structured query language being well structured has its own flaws which can be exploited. Using certain keywords as mentioned below breaks the query into a set of instructions which can even bypass the password fields. For an instance writing 1'=1-- in the username field after typing username will bypass the password. This means whether password matches or not still give an access. These flaws are obviously no more there as with increasing security there are patches inbuilt in programming now. Still as a developer you can keep in mind while creating date input fields that your need to mention enough conditional checks so that before data is sent over the server it has already been filtered. Go ahead and enjoy the stunts. Not to forget that these are only for educational purpose. Do not ever try it on actual server with any bad intention. As it might lead you behind the bars. Happy learning..!!
