Fig.1
Fig.2
Injection Flaws
Numeric SQL Injection: The code for this task contains the line SELECT *
FROM weather_data WHERE station = 101. I changed the 101 to 101 or 1=1,
which makes the condition read as true for each of the weather stations (Fig.3).
Fig.3
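The numeric case above, as an added example that is not part of the original report: the same weather_data query built by string concatenation, next to a parameterized version and an integer check. It uses Python's sqlite3 with an in-memory table; the name column and the sample rows are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample rows; only the table and "station" column come from the report.
ROWS = [(101, "Columbia"), (102, "Seattle"), (103, "New York"), (10001, "Houston")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE weather_data (station INTEGER, name TEXT)")
    db.executemany("INSERT INTO weather_data VALUES (?, ?)", ROWS)
    return db

def lookup_vulnerable(db, station):
    # The input is pasted into the SQL text, so the database parses it as SQL.
    sql = "SELECT * FROM weather_data WHERE station = " + station
    return db.execute(sql).fetchall()

def lookup_parameterized(db, station):
    # The input is bound as a value and can never alter the WHERE clause.
    sql = "SELECT * FROM weather_data WHERE station = ?"
    return db.execute(sql, (station,)).fetchall()

def lookup_validated(db, station):
    # Defense in depth: a numeric field must be digits only before it is bound.
    if not re.fullmatch(r"[0-9]{1,9}", station):
        raise ValueError("station must be a number")
    return lookup_parameterized(db, int(station))

if __name__ == "__main__":
    db = make_db()
    for value in ("101", "101 or 1=1"):
        print(repr(value))
        print("  concatenated :", lookup_vulnerable(db, value))
        print("  parameterized:", lookup_parameterized(db, value))
        try:
            print("  validated    :", lookup_validated(db, value))
        except ValueError as err:
            print("  validated    : rejected,", err)
```

With the concatenated query the second input returns every row; with the bound parameter it matches nothing, and the validated lookup rejects it before any query runs.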
String SQL Injection: In the entry box, any name or word can be entered as long as the
1=1 condition is present, which makes any name true (Fig.4).
Fig.4
Modify Data and Add Data: In the data input, if the argument contains UPDATE saleriad SET
salary=999999 WHERE userid=jsmith, then no matter which name is input, the argument
will be true for the user name jsmith and the salary will update to 999999 (Fig.5).
Fig.5
Blind Numeric SQL Injection: By altering the code to allow the account number to be any
number, all numbers will be true (Fig.5&6).
Fig.5
Fig.6
Blind String SQL Injection: By changing the string of text to compare characters, the argument
will check to see if the account name is between certain character lengths and letter combinations
(Fig.7&8).
Fig.7
Fig.8
SQL Injection Stage 1: Using the OWASP ZAP program, I broke the injection, then in the
WebGoat injection login field I entered a random string of numbers and selected login. Now in
the OWASP break window the employee ID, password and action are displayed, where I can
make modifications. I changed the password to OR 1=1, which makes any password entered
true (Fig.9&10).
Fig.9
Fig.10
SQL Injection Stage 3: By altering the employee ID to read 101 OR 1=1 ORDER BY salary
desc, the 1=1 ORDER BY salary desc overrules the Larry ID 101 to display the employee with
the highest salary (Fig.11&12).
Fig.11
Fig.12