Lesson Plan Title: How to Create Database Back Door Attacks.

Concept / Topic To Teach:

How to Create Database Back Door Attacks.

How the attacks works:

Databases are used usually as a backend for web applications. Also it is used as a media of storage. It can also be used as a place to store a malicious activity such as a trigger. A trigger is called by the database management system upon the execution of another database operation like insert, select, update or delete. An attacker for example can create a trigger that would set his email address instead of every new user's email address.

General Goal(s):

* Your goal should be to learn how you can exploit a vulnerable query to create a trigger.
* You will not be able to actually create one in this lesson because the underlying database engine used with WebGoat doesn't support triggers.
* Your login ID is 101.