Scribd
Upload
11 views

Task 1: Get Familiar With SQL Statements: Docker PS' Showing The Two Containers

This document outlines tasks demonstrating SQL injection attacks and defenses. It shows how to log into a vulnerable website and database using SQL injection to retrieve all data and modify credentials. Then it modifies salaries and passwords using injected SQL statements. Finally, it discusses how to implement prepared statements as a countermeasure to prevent SQL injection by separating commands and data.

Uploaded by

john devey
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
11 views

Task 1: Get Familiar With SQL Statements: Docker PS' Showing The Two Containers

This document outlines tasks demonstrating SQL injection attacks and defenses. It shows how to log into a vulnerable website and database using SQL injection to retrieve all data and modify credentials. Then it modifies salaries and passwords using injected SQL statements. Finally, it discusses how to implement prepared statements as a countermeasure to prevent SQL injection by separating commands and data.

Uploaded by

john devey
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 14

Task 1: Get Familiar with SQL Statements

‘Docker ps’ showing the two containers

‘docker exec -it 790 /bin/bash’ gives a shell inside the container, then by using mysql client we have
connected to sqllab_users database.
‘show tables’ will show all the tables in the sqllab_users database.

From table credentials ,we have selected Alice record.


Task 2: SQL Injection Attack on SELECT Statement

Task 2.1: SQL Injection Attack from webpage.

We are going login into the webpage which is vulnerable to sql injection.

We have successfully logged in and got all data stored in the database.
Task 2.2: SQL Injection Attack from command line

Now we are using command-line tool which is curl ,it will send HTTP GET request to the URL.
We can see that we have got the same results here as well, all the data from database is showing.

Task 2.3: Append a new SQL statement


alice'; UPDATE credential SET Nickname='Alice' WHERE name='alice' ;#

The discovery failed because of a special protection mechanism implemented in MySQL, mysq_query
does not allow submitting multiple requests, Causing two consecutive requests for us to report an
error.

Task 3: SQL Injection Attack on UPDATE statement


First of all we will login into the Alice account

Note! Alice has Employee ID 10000 and Salary 20000


Now we are injecting malicious sql query that will change the Alice salary

As we can see that Alice has 199901 salary, mean our code is successfully injected.

Task 3.2: Modify other people’ salary.


Login into the boby account

Note! Boby has ID 20000 and salary 30000


Now we are injecting the code to reduce the boby salary to 1$.

Here we can see that boby salary is now 1$.

Task 3.3: Modify other people’ password


', Password='e812ba8d00b270ef3502bb53ceb31e8c5188f14e' where Name='Boby';#

Here we are changing the password for the boby profile ,now the new password for the boby profile
is “hacked”

Username=Boby, Password=hacked
We have successfully logged into the boby account with the above credentials.

Task 4: Countermeasure—Prepared Statement

In the previous tasks, we learned how to attack database by the SQL injection code. In this task, you
are asked to defend against the previous SQL injection attack you performed.

For testing, please login into the database

as task 2.1. to see whether you can login in without password. Figure 17 shows modifying the code.

Figure 18 shows the result after you have executed the counter measurement.
Here we can see that after applying prepared statements into the webpage,

Now its not looking vulnerable to the simple sql injection commands.

You might also like