Task 2 – Apply the injection attack to the web front end
Now that you have the idea of how to insert characters into an SQL command to alter it, try it with the web application. Point your browser at www.sqllabcollabtive.com and you should get the screen below.
The data from this login screen gets run through the following SQL command:
SELECT ID, name, locale, lastlogin, gender FROM users
WHERE (name = '$user' OR email = '$user') AND pass = '$pass';
The input typed into the top box is stored in the variable $user, and the input from the second box is stored in the variable $pass.
Your goal now is to replicate what you did in Task 1 by inserting the characters ', --, ;, and ) as part of the username so that no matter what the password is, you can always log in as Alice.
To get you started, the first part of the string you will enter as the username is
alice'
Once you are successful, record the string and explain how it works to let you log in with any password. Be sure that you are injecting a comment. There are other ways of completing this attack, but this first attempt should be a comment attack. Take a screenshot to show your work.
Task 3 – Modify the injection attack to the web front end
Task 2 was done by injecting characters into the username field of the web form to comment out the part of the SQL statement dealing with the password. An interesting thought experiment is whether you could inject characters into the password field of the web form instead. It turns out that this is ineffective in the web form for this application, but we can see the effect by going back to the command line MySQL interface.
Consider again the SQL statement
mysql> select name, lastlogin from user where name='alice' and pass='KingKong';
This time, change the string KingKong to your new injection string that could have been entered in the password field.
The general idea is the same, but it’s TRUE that you will have to use a different tactic than commenting out part of the query. Review the preparation material for hints on what to do.
Document your success by recording the string you used to replace KingKong and explaining how it modifies the original SQL query. Be sure to show a screenshot of your trials and ultimate success.
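From the defender's side, the login query in Task 2 is injectable because $user and $pass are pasted into the SQL text. The following added example (not part of the lab handout or the Collabtive code) compares that construction with a bound-parameter version, using only the handout's starting string alice'. It assumes Python's sqlite3 as a stand-in for PHP/MySQL, and the table rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory table shaped like the lab's login query."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (ID INTEGER PRIMARY KEY, name TEXT, "
               "email TEXT, pass TEXT, locale TEXT, lastlogin TEXT, gender TEXT)")
    # Constructed sample rows; the pass column mirrors the handout's query
    # shape only (password hashing is out of scope for this example).
    db.executemany(
        "INSERT INTO users (name, email, pass) VALUES (?, ?, ?)",
        [("alice", "alice@example.test", "constructed-pw-1"),
         ("o'neil", "oneil@example.test", "constructed-pw-2")])
    return db

def login_concat(db, user, password):
    """Lab-style query: input is pasted into the SQL text (injectable)."""
    sql = ("SELECT ID, name FROM users "
           "WHERE (name = '%s' OR email = '%s') AND pass = '%s'"
           % (user, user, password))
    return db.execute(sql).fetchone()

def login_bound(db, user, password):
    """Same query with placeholders: input is only ever compared as data."""
    sql = ("SELECT ID, name FROM users "
           "WHERE (name = ? OR email = ?) AND pass = ?")
    return db.execute(sql, (user, user, password)).fetchone()

def describe(fn, db, user, password):
    """Run a login function; return its row, or the SQL error it raised."""
    try:
        return fn(db, user, password)
    except sqlite3.Error as exc:
        # A quote in the input changed the statement's structure.
        return "SQL error: %s" % exc

if __name__ == "__main__":
    db = make_db()
    attempts = [("alice", "constructed-pw-1"),   # normal login
                ("alice'", "x"),                 # handout's starting string
                ("o'neil", "constructed-pw-2")]  # legitimate name with a quote
    for user, pw in attempts:
        print(repr(user),
              "| concat:", describe(login_concat, db, user, pw),
              "| bound:", describe(login_bound, db, user, pw))
```

A SQL syntax error triggered by a lone quote in a login field is the signal that input is reaching the parser as code; with bound parameters the same input is just a name that matches no account.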