Lab10 SQL Injection Attack Lab
Yukui Ye
SUID: 439644268
Task1: SQL Injection Attack on SELECT Statements
Setup: Turn off build-in SQL injection protection
Set magic_quotes_gpc value to ‘off’ in file /etc/php5/apache2/php.ini in order to turn it off.
Then restart it:
Task1.1: Log into another person’s account without knowing the password
Check the login part code to see how it login works.
Following is the PHP codes run at server side.
From the above code, we can tell how server send query to Database. But we can still guess to login without knowing the user’s passward by typing “bob’);-- “( space after the comment’--’ )
By doing above thing, we successfully log into user’s account.
Task1.2: Find a way to modify the database.
…show more content…
Step2: Now, we are trying to modify the password of bob. Login as alice and modify the profile. Change name to bob. ATTENTION: The password we are going to write in the company field should be hashed. By searching for the internet, I found that string” 123456” is “7c4a8d09ca3762af61e59520943dc26494f8941b”
In the company field, type like this :
SU’,pass=’7c4a8d09ca3762af61e59520943dc26494f8941b’ where ID=3 --
Now login bob with our password 123456
We can successfully login and changed the bob’s profile.
Task3: Countermeasures
I add debug output information in login function at PHP file in order to what will happen with following countermeasures.
Task3.1: Escaping Special Characters using magic_quotes_gpc
Set magic_quotes_gpc to on, and restart server.
when you press “comment a” on the keyboard, it immediately show code on the top of the window.
We could see there is blackslash before single quote that we input in user name field. This setting escape the quote automatically, therefore even if we use’--’to comment the statement, we cannot match the quote. Thus, we cannot login.
Task3.2: Escaping Special Characters using mysql real escape string
Set magic_quotes_gpc to Off.
Uncomment mysql_real_escape_string in PHP file for login section.
Do the same task in Task1, but we cannot login successfully, The code shows on the top of the window is the same as the previous task, there is blackslash before
- Decent Essays
Target Information Security Policy
- 662 Words
- 3 Pages
All user-chosen passwords should be complex in nature (e.g., containing mixed case and two non-alphabetic characters. Non-alphabetic characters include numbers (0-9) and punctuation. The use of control characters and other non-printing characters is discouraged because they may inadvertently cause network transmission problems.
- 662 Words
- 3 Pages
Decent Essays - Better Essays
Info Security Lab 4
- 613 Words
- 3 Pages
Both Wireshark and NetWitness Investigator can be used for packet capture and analysis. Which tool is preferred for each task, and why?
- 613 Words
- 3 Pages
Better Essays - Decent Essays
Nt1310 Unit 1 Term Paper
- 570 Words
- 3 Pages
Pass-the-Hash – to steal and reuse password hash values, which can be used directly as an authenticator to access services on behalf of the user through single sign-on (SSO) authentication
- 570 Words
- 3 Pages
Decent Essays - Better Essays
Essay about Tft2 - Heart Healthy Task 1
- 1524 Words
- 7 Pages
Heart-Healthy password policy guideline is a recommendation for creating a new user password. This policy is a guideline to help end users in:
- 1524 Words
- 7 Pages
Better Essays - Good Essays
Nt1330 Unit 3 Assignment 1
- 941 Words
- 4 Pages
shown in Table 2. It indicates that all the default alphabet password which is "jackson" can be
- 941 Words
- 4 Pages
Good Essays - Decent Essays
Nt1310 Unit 3 Assignment
- 563 Words
- 3 Pages
In-game username: My IGN is currently PwnHub but in two days it will become my original which is {PwnZwn123}
- 563 Words
- 3 Pages
Decent Essays - Decent Essays
Essay on Netw 202 week 5
- 980 Words
- 4 Pages
Notice that the commands that you entered to establish passwords for the various modes of access are now password protected and that you can read the passwords. (1 point)
- 980 Words
- 4 Pages
Decent Essays - Satisfactory Essays
Nt1330 Unit 3 Assignment 3.1
- 137 Words
- 1 Pages
Use keys received in step2 to login as authenticated user. 4. If authentication is
- 137 Words
- 1 Pages
Satisfactory Essays - Satisfactory Essays
Nt1330 Unit 1 Assignment 3 Essay
- 75 Words
- 1 Pages
Your username would be your email address that I am replying to, and if you ever log into our website it would be the same password that you have used in the past. If you have forgotten your password you can reset it online on the log in page , or call me at my direct line listed in the signature below. Please feel free to reach out if you have any questions or concerns.
- 75 Words
- 1 Pages
Satisfactory Essays - Satisfactory Essays
Nt1330 Unit 1 Use Case Study
- 488 Words
- 2 Pages
The User ID and Password will be provided to the user once the user completes the
- 488 Words
- 2 Pages
Satisfactory Essays - Satisfactory Essays
Nt1330 Unit 1 Case Study
- 406 Words
- 2 Pages
In preparation of the approval of Mr. K. Grooms’ request, the Web Developer sent a reminder what his login ID is and reset his password. The new password was securely sent to him.
- 406 Words
- 2 Pages
Satisfactory Essays - Satisfactory Essays
Nt1310 Unit 1 Assignment 1 Online Account
- 201 Words
- 1 Pages
Thank you for writing. After looking over your account, you have an online account already created. The username is "bigwillokc", please let us know if you need assistance resetting the password.
- 201 Words
- 1 Pages
Satisfactory Essays - Decent Essays
Nt1310 Unit 3 Lab Report
- 374 Words
- 2 Pages
Can you pick out the password from the packets in Wireshark? Record your observations. These observations will help you with your lab report. After inserting the password and userid it can clearly be seen on the last line of the detail area.
- 374 Words
- 2 Pages
Decent Essays - Decent Essays
Two Factor Authentication Essay
- 737 Words
- 3 Pages
Two-factor authentication (2FA) essentially adds another level of authentication for your log-ins. Instead of using only your username and password, you need
- 737 Words
- 3 Pages
Decent Essays - Decent Essays
Cyber Security Essay
- 648 Words
- 3 Pages
The Merriam-Webster’s Dictionary defines cyber security measures taken to protect a computer or computer system (as on the Internet) against unauthorized access or attack Most people think that hackers are just people that want to mess up your computer, but real hackers break into systems because they want to see what they can do, then they might leave a message on the victims computer, but that’s it. So, the computer security people protect from those other hackers that want to mess up peoples computers. The means we take can as individual to protect ourselves in the cyber world is be anyomous on websites, don’t post your personal information ,have virus protection install on your computer, get spy
- 648 Words
- 3 Pages
Decent Essays