WebGoat/webapp/lesson_solutions/Lab SQL Injection/Lab Numeric SQL Injection.html

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Solution Lab SQL Injection Stage3</title>
<link rel="stylesheet" type="text/css"
	href="lesson_solutions/formate.css">
</head>
<body>
<p><b>Lesson Plan Title:</b> How to Perform a SQLInjection</p>

<p><b>Concept / Topic To Teach:</b><br />
SQL injection attacks represent a serious threat to any database-driven
site. The methods behind an attack are easy to learn and the damage
caused can range from considerable to complete system compromise.
Despite these risks, an incredible number of systems on the internet are
susceptible to this form of attack.</p>

<p>Not only is it a threat easily instigated, it is also a threat
that, with a little common-sense and forethought, can easily be
prevented.</p>

<p>It is always good practice to sanitize all input data, especially
data that will used in OS command, scripts, and database queiries, even
if the threat of SQL injection has been prevented in some other manner.
</p>

<p><b>General Goal(s):</b><br />
For this exercise, you will perform SQLInjection attacks. You will also
implement code changes in the web application to defeat these attacks.</p>

<p><b>Solution:</b><br />
Choose Larry to log in with password larry. Select yourself from the list 
and make sure that WebScarab will intercept the next request. Replace the id 101 with following:
<br/>
101 OR 1=1 ORDER BY salary desc <br/>
<p>With '101 OR 1=1' we have a SQL Statement which is always true. It will
get all the employees from the db but only return one of them. That is why we have to ensure we get 
the "Big Fish" which is the employee earning most. With 'ORDER BY SALARY DESC' we guarantee exactly this.
</body>
</html>