CONFIDENTIAL

SECURITY AUDIT

SQL Injection Pentest Report

Infrastructure Assessment v1.0

PREPARED BY:

Youssef Moataz

Security Researcher

DATE: April 15, 2026

1. Executive Summary

This audit details critical vulnerabilities identified within the DVWA platform. Exploitation of the id parameter confirmed that unsanitized input is passed directly to the database layer, allowing for unauthorized record retrieval.

Risk Status: CRITICAL. The application is vulnerable to full database compromise.

2. Scope & Objectives

Assessment limited to the SQL Injection module (LOW security). Objectives:

Map attack surface for the id parameter.
Exploit Boolean, UNION, and Time-based vectors.
Measure impact on user data confidentiality.
Validate custom detection signatures.

3. Technical Methodology

Phase	Activity	Tools
Probing	Manual heuristic testing with Boolean logic.	DevTools
Automation	Database enumeration and exfiltration.	SQLMap
Logic Check	Bespoke script validation for timing logs.	Python 3

Authentication State

PHPSESSID=9e124456d84d6cd2cecb9df8d2f9c4d0; security=low

4. Vulnerability Matrix

Vulnerability	Severity	Impact
Blind SQLi (Time-based)	CRITICAL	Information leakage via inference.
UNION-Based SQLi	CRITICAL	Bulk exfiltration of database entries.
MD5 Hash Exposure	HIGH	Credentials recovered and decrypted.

5. Exfiltration Analysis

Verified dump of the users table:

User	MD5 Hash	Plaintext
admin	5f4dcc3b5...	password
gordonb	e99a18c42...	abc123
1337	8d3533d75...	charley
pablo	0d107d09f...	letmein
smithy	5f4dcc3b5...	password

6. Appendix: Evidence

Fig 1.0: Target Application (DVWA Environment)

Fig 1.1: Multi-vector Detection (SQLMap Heuristic)

Fig 1.2: Schema Enumeration ('users' Table)

Fig 1.3: Data Exfiltration (MD5 Hash Recovery)

Fig 1.4: Final Dictionary Attack Verification

Fig 1.5: Custom Python Analysis Script Tracing

7. Remediation

Immediate migration to Prepared Statements (PDO) is required.

Secure Payload Handling (PHP)

$stmt = $pdo->prepare('SELECT * FROM users WHERE id = :id');
$stmt->execute(['id' => $id]);

AUDITOR: