2

I've been following this video(https://www.youtube.com/watch?v=XDCZ8FC856s) to install bWAPP on Parrot OS and everything works fine except SQL Injection. I've checked the database and its active. As you can see:

enter image description here

And when I select SQL Injection(GET/Search) it just displays a blank white screen.

enter image description here

I've checked for answers in a couple of places but haven't found a robust answer. Any help would be awesome thanks.

Browser: Firefox Quantum 60.0.1(64-bit) OS: Parrot( I also tried the same on Kali)

Prashant Pimpale
  • 10,349
  • 9
  • 44
  • 84
AzyCrw4282
  • 7,222
  • 5
  • 19
  • 35
  • 1
    Most SQL injections don't result in a clever hacking of your site — they result in an fatal error that prevents the web request from returning any data at all. So you need to examine the web app's error logs to find out what happened. – Bill Karwin Sep 01 '18 at 20:11
  • 1
    Hi sir, thank you for your reply. I've been able to locate the error and this is what it shows: [Sun Sep 02 16:18:46.903310 2018] [php7:error] [pid 2844] [client ::1:38368] PHP Fatal error: Uncaught Error: Call to undefined function mysql_connect() in /var/www/html/bWAPP/connect.php:23\nStack trace:\n#0 /var/www/html/bWAPP/sqli_1.php(23): include()\n#1 {main}\n thrown in /var/www/html/bWAPP/connect.php on line 23, referer: http://localhost/bWAPP/portal.php. Is there a solution for this? Thx. – AzyCrw4282 Sep 02 '18 at 14:23
  • What happens when you access `http://localhost/bWAPP` ? –  Jun 05 '20 at 11:45
  • I had performed this some time ago and don't recall well to answer that I am afraid. But everything worked upon following @bills answer – AzyCrw4282 Jun 05 '20 at 15:12

1 Answers1

2

PHP Fatal error: Uncaught Error: Call to undefined function mysql_connect()

It looks like your code uses the mysql extension, and that extension is not present.

In other words, the error has nothing to do with SQL injection. The code for this app can't run given the PHP installation you have installed.

Run the command php --version, you'll see something like this:

$ php --version
PHP 7.1.16 (cli) (built: Mar 31 2018 02:59:59) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2018 Zend Technologies

You probably you have PHP 7.0 or later, in which the mysql extension is no longer available. If that's the version of PHP you have, then you will have to change the code of your application, so that it uses either mysqli or PDO.

See these answers from 2016:

Editing code from the outdates mysql extension to the mysqli extension is pretty easy.

The other possibility is that you have PHP 5.6, but the installation is incomplete. You may be able to install an optional package to add the mysql extension to a PHP 5 installation. See this answer:

Bill Karwin
  • 538,548
  • 86
  • 673
  • 828