Burp Suite? No Thanks! Blind SQLi in DVWA With Python (Part 2)


Hi hackers! After pwning low-security DVWA with a blind SQL injection attack, it’s time to take on the medium security level using Python!
I’m going to assume that you have read the previous post at this link, so that we can focus our efforts on the new concepts only.

If you are not familiar with SQL injection, here is a list of all my previous articles that can make you an SQLi ninja!

In-Band SQL injection

Blind SQL injection

Our starting point will be the Python script that we used to exploit DVWA at the low security level, and from there we will make a few small changes to face the medium level of difficulty.

As you should already know, I’m lazy, so this time I will not configure a machine of my own again; I’m going to use the preconfigured one at TryHackMe.

You can find a brief explanation of the configuration steps in this article:

But now let’s start with the real challenge!

Prerequisites

As you may already know, I tried to build a little library that lets you focus only on the blind SQL injection attack (and ignore the login part and the CSRF token management), so before following the tutorial, get the “utils.py” file from the GitHub repository at this link (you can also find the whole code at the end if you prefer copy-pasting).

After that you should install the following libraries:

You can do that by typing this on your terminal:

pip install beautifulsoup4 requests

There is nothing more to do; you are ready to start!

Step #0: The Differences with low-security DVWA

This is probably the most important section if you have already read the previous article.

We want to perform a blind SQL injection attack with Python on DVWA after setting the security level to “medium”.
We already did most of the work, so we can focus only on the differences between low security and medium security.

There are only two main differences that would make us change our previously taken approach.
