Completed

Web crawling and SQL injection vulnerability detection

Spend approximately 2 to 3 hours on the challenge. Please provide an architecture diagram as well, as we are very interested in your thinking when building a solution. The code may use mocks in place of real external services.

Download a copy of DVWA VM: [login to view URL]

Write a short Python program that will crawl the application and detect an SQL injection vulnerability in the form at: /vulnerabilities/sqli/

Things to consider

• How to recover if the crawler process dies mid crawl.

• How this program could be extended across multiple servers.

• How the design could be extended to include multiple SQL injection payloads.

• How to avoid crawling out of scope or narrowing the focus of the crawler.

• How to make the code easily testable.

Guidance of the steps

• Authenticate to the app: admin/password.

• Alter the 'security' cookie to 'low' in requests - otherwise filtering will be applied.

• Use a logical check to confirm the vulnerability.

• Exploit to obtain the database username and version (it is a MySQL database) as further confirmation.

• Hint: there is a 'view source' button on the pages in DVWA to help you to understand the context of the vulnerability.

Python is our primary language, so please use Python for this challenge. You are free to use whatever libraries you are familiar with and deem necessary for the challenge.
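One way to address the crash-recovery, scope and testability considerations in the brief, as an added example that is not part of the original posting or of any bidder's submission: a crawl queue limited to one origin and path prefix, checkpointed to disk, with the page fetcher injected so a mock can stand in for DVWA. The names `Frontier`, `crawl` and `SAMPLE_SITE`, the host `dvwa.test`, the sample links and the `logout` deny rule are assumptions.

```python
import json, os, tempfile
from collections import deque
from urllib.parse import urldefrag, urljoin, urlsplit

class Frontier:
    """Crawl queue limited to one origin and path prefix, checkpointed to disk."""
    def __init__(self, base_url, state_path, deny=("logout",)):  # deny rule: assumption
        self.base, self.state_path, self.deny = urlsplit(base_url), state_path, deny
        self.pending, self.seen = deque(), set()
        if os.path.exists(state_path):  # resume from the last checkpoint
            with open(state_path) as fh:
                state = json.load(fh)
            self.pending, self.seen = deque(state["pending"]), set(state["seen"])
        else:
            self.add(base_url)

    def in_scope(self, url):
        u = urlsplit(url)
        return ((u.scheme, u.netloc) == (self.base.scheme, self.base.netloc)
                and u.path.startswith(self.base.path)
                and not any(d in u.path for d in self.deny))

    def add(self, url, parent=None):
        url = urldefrag(urljoin(parent or self.base.geturl(), url)).url  # absolute, no fragment
        if self.in_scope(url) and url not in self.seen:
            self.seen.add(url)
            self.pending.append(url)

    def checkpoint(self):
        # Write then rename, so a crash never leaves a half-written state file.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.state_path) or ".")
        with os.fdopen(fd, "w") as fh:
            json.dump({"pending": list(self.pending), "seen": sorted(self.seen)}, fh)
        os.replace(tmp, self.state_path)

def crawl(frontier, fetch_links, max_pages=None):
    """fetch_links(url) returns hrefs; it is injected so tests can pass a mock."""
    visited = []
    while frontier.pending and (max_pages is None or len(visited) < max_pages):
        url = frontier.pending[0]  # stays queued until fully processed
        for href in fetch_links(url):
            frontier.add(href, parent=url)
        frontier.pending.popleft()
        frontier.checkpoint()
        visited.append(url)
    return visited

# Constructed sample link graph standing in for the real application.
SAMPLE_SITE = {"http://dvwa.test/": ["vulnerabilities/sqli/", "logout.php", "http://other.test/x", "#top"],
               "http://dvwa.test/vulnerabilities/sqli/": ["/", "?id=1&Submit=Submit"],
               "http://dvwa.test/vulnerabilities/sqli/?id=1&Submit=Submit": []}
```

A page that was being fetched when the process died is still at the head of the saved queue, so it is fetched again on restart rather than lost.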

Skills: Java, Linux, MySQL, Python, Software Architecture


About the Employer:
( 0 reviews ) Manchester, United Kingdom

Project ID: #19206417

Awarded to:

toshazed

I am Ring. I have about 18+ years of experience in GNU/Linux-based systems: server installation and customization, development, deployment, security and support. I may help you in this regard.

₹2000 INR in 1 day
(9 Reviews)
3.4

2 freelancers are bidding on average ₹1625 for this job

techlinesols6

Hi, Hope you are doing well! Thanks for sharing your project requirement with us. It will be our great pleasure to work on your project. I have checked your requirement, yes we can do it, because we already work on si

₹1250 INR in 7 days
(3 Reviews)
0.0