Lesson Plan Title: How to Perform String SQL Injection
Concept / Topic To Teach:
SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks, an incredible number of systems on the internet are susceptible to this form of attack.
Not only is it a threat easily instigated, it is also a threat that, with a little common sense and forethought, can easily be prevented.
It is always good practice to sanitize all input data, especially data that will be used in OS commands, scripts, and database queries, even if the threat of SQL injection has been prevented in some other manner.
General Goal(s):
The form below allows a user to view their credit card numbers. Try to inject an SQL string that results in all the credit card numbers being displayed. Try the user name of 'Smith'.
Solution:
Compared with the previous lesson, there is now a string parameter and not an integer. Strings must be terminated with single quotes to have a valid SQL query.
Figure 1 Lesson 18
The query used in this lesson is: SELECT * FROM user_data WHERE last_name = 'Your Name'
Enter for the last name value: Erwin' OR '1'='1
Figure 2 Lesson 18 Completed
Solution by Erwin Geirnaert
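Added example, not part of the original lesson or WebGoat's own code: the lesson's query built by string concatenation next to the same lookup with a bound parameter, run against an in-memory SQLite database. The cc_number column, the sample rows and the function names are assumptions made for this illustration.

```python
import sqlite3

# Constructed sample data; table and last_name column follow the lesson's query,
# cc_number is an assumed column name.
ROWS = [
    ("Smith", "0000-1111-2222-3333"),
    ("Smith", "0000-4444-5555-6666"),
    ("Plane", "0000-7777-8888-9999"),
    ("O'Brien", "0000-1212-3434-5656"),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_data (last_name TEXT, cc_number TEXT)")
    db.executemany("INSERT INTO user_data VALUES (?, ?)", ROWS)
    return db

def build_concatenated(last_name):
    # Vulnerable form: the input becomes part of the SQL text, so a quote
    # in the input ends the string literal and the rest is parsed as SQL.
    return "SELECT * FROM user_data WHERE last_name = '" + last_name + "'"

def lookup_concatenated(db, last_name):
    return db.execute(build_concatenated(last_name)).fetchall()

def lookup_parameterized(db, last_name):
    # Hardened form: the SQL text is fixed and the input is bound as data,
    # so quotes in it are compared literally against last_name.
    return db.execute(
        "SELECT * FROM user_data WHERE last_name = ?", (last_name,)
    ).fetchall()

if __name__ == "__main__":
    db = make_db()
    for value in ("Smith", "Erwin' OR '1'='1", "O'Brien"):
        print("input:", value)
        print("  query text:", build_concatenated(value))
        try:
            print("  concatenated rows:", len(lookup_concatenated(db, value)))
        except sqlite3.OperationalError as exc:
            # A legitimate name containing a quote breaks the concatenated query.
            print("  concatenated error:", exc)
        print("  parameterized rows:", len(lookup_parameterized(db, value)))
```

The concatenated query returns every row for the lesson's input and fails outright on a legitimate name such as O'Brien; the parameterized query returns no rows for the former and the one matching row for the latter.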