Web Security/DVWA (2) 썸네일형 리스트형 [DVWA] Blind SQL Injection SQL Injection (Blind) If the web page where you want to attack doesn't print any errors and query result list, the attack from this pattern is hard to succeed. Because it doesn't provide query result data, we cannot confirm the data through attacks like a UNION query. In this case, Blind SQL Injection can usefully be used. In other words, the attack is an attack method that spills out a database.. [DVWA] Command Injection Command Injection This is an attack method calling a system command unintended by sending the data, after modifying an argument value of the Application calling the system command. When calling the system command to deal with specific data on Web Application, the attack often was taken place. If the command injection is used, a black hacker can upload a malicious script or files on the system by.. 이전 1 다음
