tag:blogger.com,1999:blog-3285005982004154848.post818112557094256557..comments2023-04-13T03:45:55.838-05:00Comments on Why Joseph: SQLi with Python and DVWA: article 201304Joseph Kahlichhttp://www.blogger.com/profile/04732459645244314872noreply@blogger.comBlogger7125tag:blogger.com,1999:blog-3285005982004154848.post-64071931014631202392015-08-22T15:28:41.840-05:002015-08-22T15:28:41.840-05:00In my case, it was helpful to lower down the secur...In my case, it was helpful to lower down the security level of DVWA to "low" to meet this problem.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3285005982004154848.post-73087972934940499832013-03-17T13:46:52.976-05:002013-03-17T13:46:52.976-05:00Here you go. This script and couple of others:
ht...Here you go. This script and couple of others:<br />https://bitbucket.org/whyJoseph/spse-whyjoseph/srcJoseph Kahlichhttps://www.blogger.com/profile/04732459645244314872noreply@blogger.comtag:blogger.com,1999:blog-3285005982004154848.post-7973551679403573522013-03-17T11:19:25.446-05:002013-03-17T11:19:25.446-05:00You are right. I have been lazy about that. I wil...You are right. I have been lazy about that. I will set up a repository somewhere.Joseph Kahlichhttps://www.blogger.com/profile/04732459645244314872noreply@blogger.comtag:blogger.com,1999:blog-3285005982004154848.post-24570191468187717452013-03-17T11:18:06.007-05:002013-03-17T11:18:06.007-05:00My apologies for the delay. Do you have something ...My apologies for the delay. Do you have something similar to this in your script?<br /><br />#Inserting the SQL Injection into the form field and submitting<br />browser.select_form(nr=0)<br />browser.form['id'] = hotSQLinjection<br />browser.submit()Joseph Kahlichhttps://www.blogger.com/profile/04732459645244314872noreply@blogger.comtag:blogger.com,1999:blog-3285005982004154848.post-72477723268962590702013-02-26T10:03:01.064-06:002013-02-26T10:03:01.064-06:00quick update - its not that the page isnt getting ...quick update - its not that the page isnt getting parsed. It appears that the SQLi in hotSQLinjection is not getting submitted...Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3285005982004154848.post-38677680515489624792013-02-26T09:51:43.142-06:002013-02-26T09:51:43.142-06:00Thanks Joe - quick question. I am taking the cours...Thanks Joe - quick question. I am taking the course as well. I have modified my code with some of your suggestions. I am having a problem getting the page read and BS to parse. Any idea why that might be happening? I get logged in (had to change the credentials from what you had in your script) but cannot read or parse the page.<br /><br />Here is my output:<br />#################################Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3285005982004154848.post-8222061543161475752013-02-24T21:19:27.777-06:002013-02-24T21:19:27.777-06:00Hi, it would be nice if you put a link to your cod...Hi, it would be nice if you put a link to your code on pastebin or a similar page to keep the identation and order of the code.<br /><br />Thanks for the post, it encourages me more to keep coding in python.Anonymousnoreply@blogger.com