Closed

Web crawling and detect SQL injection vulnerability

Spend approximately 2 to 3 hours on the challenge. Please provide an architecture diagram as well, as we are very interested in your thinking when building a solution. The code may use mocks in place of real external services.

Download a copy of DVWA VM: [login to view URL]

Write a short Python program that will crawl the application and detect an SQL injection vulnerability in the form at: /vulnerabilities/sqli/

Things to consider

• How to recover if the crawler process dies mid crawl.

• How this program could be extended across multiple servers.

• How the design could be extended to include multiple SQL injection payloads.

• How to avoid crawling out of scope or narrowing the focus of the crawler.

• How to make the code easily testable.

Guidance of the steps

• Authenticate to the app: admin/password

• Alter the 'security' cookie to 'low' in requests - otherwise filtering will be applied

• Use a logical check to confirm the vulnerability

• Exploit to obtain the database username and version (it is a MySQL database) as further confirmation

• Hint: there is a 'view source' button on the pages in DVWA to help you to understand the context of the vulnerability

Python is our primary language, so please use Python for this challenge. You are free to use whatever libraries you are familiar with and deem necessary for the challenge.

The application doesn’t necessarily have to run if an architecture diagram is provided and the code is suitably designed, using mock services.
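One way to address the recovery, scoping and testability points under "Things to consider", as an added example that is not part of the original posting: a crawl frontier checkpointed to disk, a scope filter, and an injected link fetcher that a test can mock. The host `dvwa.test`, the `/logout.php` exclusion and the `fetch_links` callable are assumptions made for illustration.

```python
import json, os
from collections import deque
from urllib.parse import urldefrag, urljoin, urlsplit

class Scope:
    """In scope: same scheme and host as base_url, under prefix, not excluded."""
    def __init__(self, base_url, prefix="/", excluded=()):
        self.origin = urlsplit(base_url)[:2]
        self.prefix, self.excluded = prefix, tuple(excluded)
    def allows(self, url):
        u = urlsplit(url)
        return (u[:2] == self.origin and u.path.startswith(self.prefix)
                and not u.path.startswith(self.excluded))

class Frontier:
    """Pending queue plus seen set, reloaded from `path` if a checkpoint exists."""
    def __init__(self, path, seeds):
        self.path = path
        if os.path.exists(path):
            with open(path) as f:
                state = json.load(f)
            self.queue, self.seen = deque(state["queue"]), set(state["seen"])
        else:
            self.queue, self.seen = deque(seeds), set(seeds)
    def save(self):
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump({"queue": list(self.queue), "seen": sorted(self.seen)}, f)
        os.replace(tmp, self.path)  # atomic: a crash never leaves a half-written file

def crawl(frontier, scope, fetch_links, max_pages=None):
    """fetch_links(url) -> iterable of hrefs; inject a mock in tests."""
    visited = []
    while frontier.queue and (max_pages is None or len(visited) < max_pages):
        url = frontier.queue[0]  # popped only after the page is fully processed
        for href in fetch_links(url):
            link = urldefrag(urljoin(url, href)).url
            if scope.allows(link) and link not in frontier.seen:
                frontier.seen.add(link)
                frontier.queue.append(link)
        frontier.queue.popleft()
        frontier.save()
        visited.append(url)
    return visited

# Constructed link graph standing in for the target; dvwa.test is a placeholder host.
SITE = {
    "http://dvwa.test/index.php": ["vulnerabilities/sqli/", "logout.php", "http://example.org/"],
    "http://dvwa.test/vulnerabilities/sqli/": ["../../index.php", "?id=1#results"],
}
```

Because a URL leaves the queue only after its links are recorded and the checkpoint is written, a process that dies mid-page re-fetches that page on restart instead of losing it. Moving the checkpoint from a local file to a shared queue and seen-set store is the step that would let several workers share one frontier.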

Skills: Amazon Web Services, Java, MySQL, Python, Software Architecture


About the Employer:
( 0 reviews ) Warrington, United Kingdom

Project ID: #19199760

1 freelancer is bidding on average ₹1300 for this job

hassan00942

I have a lot of experience in developing websites using PHP & MySQL. I have done many projects, but my current project is an online payment processor like Perfect Money or PayPal. I have a lot of experience with HTML, PHP, Ajax, Jav

₹1300 INR in 1 day