9d8c58bef3
git-svn-id: http://webgoat.googlecode.com/svn/trunk@367 4033779f-a91e-0410-96ef-6bf7bf53c507
39 lines
1.7 KiB
HTML
39 lines
1.7 KiB
HTML
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
|
|
<html>
|
|
<head>
|
|
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
|
|
<title>Solution Lab SQL Injection Stage1</title>
|
|
<link rel="stylesheet" type="text/css"
|
|
href="lesson_solutions/formate.css">
|
|
</head>
|
|
<body>
|
|
<p><b>Lesson Plan Title:</b> How to Perform a SQLInjection</p>
|
|
|
|
<p><b>Concept / Topic To Teach:</b><br />
|
|
SQL injection attacks represent a serious threat to any database-driven
|
|
site. The methods behind an attack are easy to learn and the damage
|
|
caused can range from considerable to complete system compromise.
|
|
Despite these risks, an incredible number of systems on the internet are
|
|
susceptible to this form of attack.</p>
|
|
|
|
<p>Not only is it a threat easily instigated, it is also a threat
|
|
that, with a little common-sense and forethought, can easily be
|
|
prevented.</p>
|
|
|
|
<p>It is always good practice to sanitize all input data, especially
|
|
data that will used in OS command, scripts, and database queiries, even
|
|
if the threat of SQL injection has been prevented in some other manner.
|
|
</p>
|
|
|
|
<p><b>General Goal(s):</b><br />
|
|
For this exercise, you will perform SQLInjection attacks. You will also
|
|
implement code changes in the web application to defeat these attacks.</p>
|
|
|
|
<p><b>Solution:</b><br />
|
|
Select Neville as user to log in. Make sure WebScarab will intercept the next request.
|
|
Hit the Login Button and Change the password parameter in WebScarab to smith' OR '1' = '1.
|
|
Et voila you are logged in as Neville without knowing the password as the query
|
|
will lookup if the password is smith and if not it controls if 1=1 what
|
|
return true.</p>
|
|
</body>
|
|
</html> |