SQL Injection Game

Pre-Requisite Knowledge and Skills

1. Understand the basics of database security
2. Understand the basics of SQL command
3. Be able to use boolean expressions to bypass the password checking

Learning Objective:
1. Understand the risks of unsecure web database
2. Understand the basics of SQL injection
3. Be able to construct boolean expressions to bypass the password checking in unsecure
web database
4. Be able to complete a series of tasks with Administrator provilage obtained through SQL
injection.

Recommended Running Environment and Software:

1. Computers Running Windows 7 or Window 10 x64 OS
2. Unity3D Exe files and data folders of SQL Injection Game

Instructional Material:
1. of SQL Injection Game
2. In-game Instructions of Gameplay
3. PPT Lecture Slides

Video Demonstration:
1. to be developed

Lab Instructions

SQL Injection Game Main Menu

SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an
application the web application that controls the login page will communicate with the database
through a series of planned commands so as to verify the username and password combination. An
attacker needs to perform an SQL Injection hacking attack is a web browser, knowledge of SQL
queries and creative guess work to important table and field names. We will perform an attack on one
of the webpage on seed lab which is vulnerable to SQL injection. We will craft a SQL injection to
login the admin user profile.

Tutorial
 Click on the dropdown menu button next to the “Username” to select the user.

1. At the beginning of the game, student can choose whatever username and password to try to
login the web database.
2. The student will find out random guess of the password will not work.
3. Now student will choose “Admin” username and type in SQL injection code to the
password box. The SQL injection code is ' or 1=1; #

4. After type in “Admin” password using SQL injection code, the student can login as an
administrator to see all databased user information.
5. The knowledge behind the SQL injection can be explained through Right side panel. Using
Boolean expression, the password checking is now reformulated as
Password = ‘ ‘ or 1=1; (This Boolean expression will be always true)
#’”; (This line commented out remaining code in the line)

6. After login as an administrator, click on “Update” button to see all user information.Click
on “Show all information” button.
7. Now we will go back to main menu and change salary information of each user. For
example, we will reduce Alice‘s salary to 1,
8. Click “Logout” button to return to main menu.

9. Now, let the student login as each user and password using the same SQL injection code.
10. After login, click on “Update”. And click on “SQL Injection” button.

11. Student will see the Nick name input box has SQL injection code. This SQL code change
the salary of Alice to 1.
12. Click “Save” button, and the Alice’s salary now changed to 1.
Discussion
 What is the risk of unsecure web database?
 How the SQL injection works to bypass password checking and changing user information?