
Task 1: Get Familiar with SQL Statements

‘docker ps’ shows the two containers.

‘docker exec -it 790 /bin/bash’ gives a shell inside the container; using the mysql client, we then
connected to the sqllab_users database.
‘show tables’ lists all the tables in the sqllab_users database.

From the credentials table, we selected Alice's record.


Task 2: SQL Injection Attack on SELECT Statement

Task 2.1: SQL Injection Attack from webpage.

We are going to log in to the webpage, which is vulnerable to SQL injection.

We have successfully logged in and got all the data stored in the database.

Task 2.2: SQL Injection Attack from command line

Now we use the command-line tool curl, which sends an HTTP GET request to the URL.
We can see that we get the same results here as well: all the data from the database is shown.

Task 2.3: Append a new SQL statement


alice'; UPDATE credential SET Nickname='Alice' WHERE name='alice' ;#

The injection failed because of a protection mechanism on the MySQL side of the application: mysql_query
does not allow multiple statements to be submitted in one call, so the two consecutive statements
produce an error.

Task 3: SQL Injection Attack on UPDATE statement


First of all, we log in to Alice's account.

Note! Alice has Employee ID 10000 and Salary 20000


Now we inject a malicious SQL query that changes Alice's salary.

As we can see, Alice now has a salary of 199901, which means our code was successfully injected.

Task 3.2: Modify other people's salary.


Log in to Boby's account.

Note! Boby has ID 20000 and salary 30000


Now we inject the code to reduce Boby's salary to 1$.

Here we can see that Boby's salary is now 1$.

Task 3.3: Modify other people's password


', Password='e812ba8d00b270ef3502bb53ceb31e8c5188f14e' where Name='Boby';#

Here we change the password for Boby's profile; the new password for Boby's profile
is “hacked”.

Username=Boby, Password=hacked

We have successfully logged in to Boby's account with the above credentials.

Task 4: Countermeasure—Prepared Statement

In the previous tasks, we learned how to attack a database using SQL injection. In this task, you
are asked to defend against the SQL injection attacks you performed previously.

For testing, please log in to the database as in Task 2.1 to see whether you can log in without a
password. Figure 17 shows the code being modified.

Figure 18 shows the result after applying the countermeasure.
Here we can see that after applying prepared statements to the webpage, it no longer appears
vulnerable to the simple SQL injection commands.
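
The difference the prepared statement makes, shown as an added example that is not part of the original report or the lab's own code. It assumes Python's sqlite3 with a constructed in-memory credential table; the function names and the probe string are hypothetical, and the probe is modelled on the Task 3 input with SQLite's `--` comment in place of MySQL's `#`.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the lab's credential table (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE credential "
               "(eid INTEGER, name TEXT, nickname TEXT, salary INTEGER)")
    db.executemany("INSERT INTO credential VALUES (?, ?, ?, ?)",
                   [(10000, "Alice", "", 20000), (20000, "Boby", "", 30000)])
    return db

def update_nickname_unsafe(db, eid, nickname):
    # 'Before' form: input is pasted into the SQL text, so a quote in
    # `nickname` closes the string literal and the rest is parsed as SQL.
    db.execute(f"UPDATE credential SET nickname='{nickname}' WHERE eid={eid}")

def update_nickname_prepared(db, eid, nickname):
    # Prepared form: the statement is compiled with placeholders first and
    # the values are bound afterwards, so they are only ever treated as data.
    db.execute("UPDATE credential SET nickname=? WHERE eid=?", (nickname, eid))

def field_of(db, column, name):
    # `column` is chosen by this script, never by user input.
    row = db.execute(f"SELECT {column} FROM credential WHERE name=?", (name,))
    return row.fetchone()[0]

# Constructed test input: Alice submits this as her new nickname.
PROBE = "', salary=1 WHERE name='Boby' --"

def run_demo():
    """Return (Boby's salary, Alice's nickname) after each update variant."""
    results = {}
    for label, update in (("unsafe", update_nickname_unsafe),
                          ("prepared", update_nickname_prepared)):
        db = make_db()
        update(db, 10000, PROBE)  # Alice edits her own profile (eid 10000)
        results[label] = (field_of(db, "salary", "Boby"),
                          field_of(db, "nickname", "Alice"))
    return results

if __name__ == "__main__":
    for label, outcome in run_demo().items():
        print(label, outcome)
```

With the prepared form the whole probe string is stored as Alice's nickname and Boby's row is untouched, which is the behaviour to check for after applying the countermeasure.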
