• Guru Gobind Singh Indraprastha University

• COMPUTER S 101

Attacking a Vulnerable Web Application and Database (VM1-C.2) Section-1 Part 2: exposed XSS vulnerability: When we change the DVWA Security button to high then web application is be secure so then we type the script in search box then we get an error message, show in screenshot: Part 3: When we use SQL injection method then we use some SQL query to check the vulnerability of this web application. In this we type SQL query of ORDER BY clause then we see that: • if we type ‘ORDER BY 1’ then if it is not showing the syntax error then it means in showing result is belong in to first column. • if we type ‘ORDER BY 2’ then if it is not showing the syntax error then it means in showing result is belong in to second column. • if we type ‘ORDER BY 3’ then if it is showing the syntax error then it means in showing result is does not have third column.