Lesson Plan Title: Denial of Service from Multiple Logins

Concept / Topic To Teach:

Denial of service attacks are a major issue in web applications. If end users cannot conduct business or use the service the application offers, both time and money are wasted. A login that consumes a scarce server resource, such as a connection from a small database pool, lets an attacker cause that outage with only a handful of requests.

General Goal(s):

This site allows a user to log in multiple times, and its database connection pool allows only 2 connections. You must obtain a list of valid users and create a total of 3 logins.

Solution:

Start with a SQL injection attack to get the list of valid users. Enter ' or '1' = '1 in the password field. If the login query is built by pasting the submitted text into a clause such as ... AND password = '<input>', the condition becomes ... AND password = '' or '1' = '1', which is true for every row of the user table, and the result gives the list of valid users.

Figure 1 Lesson 20

Log in with user name jsnow and password passwd1. Then log in with user name jdoe and password passwd1. Finally, log in with jplane and passwd3. Three distinct users are now logged in against a pool that allows only 2 connections, and the lesson is marked complete.

Figure 2 Lesson 20 Completed
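
The two parts of the solution above (the injection that lists the users, and the three logins that outrun a pool of 2), as an added example that is not part of the original lesson or of WebGoat's own code. It is a small Python model of such a login page. The table name user_login, its columns userid and password, the shape of the login query, and the rule that a successful login keeps its pooled connection for the life of the session are all modelling assumptions; the user table is constructed from the three accounts the solution names.

```python
import sqlite3
import threading

# Constructed sample data: the three accounts named in the solution. The table
# and column names are assumptions for this example, not WebGoat's schema.
SAMPLE_USERS = [("jsnow", "passwd1"), ("jdoe", "passwd1"), ("jplane", "passwd3")]
POOL_SIZE = 2                       # the lesson's pool limit
INJECTED_PASSWORD = "' or '1'='1"   # the payload from the solution

def open_seeded_connection():
    """Private in-memory database holding the constructed user table; every
    pool connection is seeded separately so the example runs offline."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_login (userid TEXT, password TEXT)")
    db.executemany("INSERT INTO user_login VALUES (?, ?)", SAMPLE_USERS)
    db.commit()
    return db

def find_user_vulnerable(db, userid, password):
    """The lesson's bug: the query is built by string concatenation. With the
    payload the WHERE clause reads  userid = 'x' AND password = '' or '1'='1'
    and, because AND binds tighter than OR, it is true for every row."""
    sql = ("SELECT userid, password FROM user_login WHERE userid = '"
           + userid + "' AND password = '" + password + "'")
    return db.execute(sql).fetchall()

def find_user_fixed(db, userid, password):
    """Parameterised form: the payload is compared as a literal and matches nothing."""
    sql = "SELECT userid, password FROM user_login WHERE userid = ? AND password = ?"
    return db.execute(sql, (userid, password)).fetchall()

class PoolExhausted(Exception):
    pass

class ConnectionPool:
    """Fixed-size pool that fails fast when every connection is checked out
    (a blocking pool would hang the request thread, the same outage for the user)."""

    def __init__(self, size):
        self.size = size
        self._free = [open_seeded_connection() for _ in range(size)]
        self._lock = threading.Lock()

    def acquire(self):
        with self._lock:
            if not self._free:
                raise PoolExhausted("all %d connections are held" % self.size)
            return self._free.pop()

    def release(self, conn):
        with self._lock:
            self._free.append(conn)

class LoginService:
    """Model of the lesson's login page (a modelling assumption, not WebGoat's
    code): with hold_connection=True each logged-in user keeps a pooled
    connection for the life of the session; False hands it back after the query."""

    def __init__(self, pool, query=find_user_vulnerable, hold_connection=True):
        self.pool = pool
        self.query = query
        self.hold_connection = hold_connection
        self.sessions = {}  # userid -> the connection that session holds

    def login(self, userid, password):
        """True on success, False on bad credentials; raises PoolExhausted when
        no connection is free, which a real user sees as an error page."""
        if userid in self.sessions:  # repeat login by the same user reuses its connection
            return bool(self.query(self.sessions[userid], userid, password))
        conn = self.pool.acquire()
        try:
            rows = self.query(conn, userid, password)
        except Exception:
            self.pool.release(conn)
            raise
        if rows and self.hold_connection:
            self.sessions[userid] = conn
        else:
            self.pool.release(conn)
        return bool(rows)

def enumerate_users(db):
    """Step 1 of the solution: the injected password lists every valid user."""
    return [row[0] for row in find_user_vulnerable(db, "anything", INJECTED_PASSWORD)]

def run_three_logins(hold_connection=True):
    """Steps 2 to 4 of the solution, one login per distinct user. Returns one
    entry per attempt: True on success, 'exhausted' when the pool was empty."""
    service = LoginService(ConnectionPool(POOL_SIZE), hold_connection=hold_connection)
    outcome = []
    for userid, password in SAMPLE_USERS:
        try:
            outcome.append(service.login(userid, password))
        except PoolExhausted:
            outcome.append("exhausted")
    return outcome
```

Calling enumerate_users(open_seeded_connection()) returns all three user names from the injected password alone, while find_user_fixed with the same payload returns nothing. run_three_logins(True) gives [True, True, 'exhausted']: the first two distinct users pin both pooled connections, and from then on nobody, attacker or legitimate user, can log in. run_three_logins(False) gives [True, True, True], because releasing the connection as soon as the query finishes means the pool size bounds concurrent queries rather than the number of logged-in users.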

Solution by Erwin Geirnaert ZION SECURITY